Correlation with ESM Flashcards

1
Q

What is correlation?

A

It is the process of turning raw logs into meaningful data. Both the ERC and the ACE support correlation, but the ERC only supports rule-based correlation, while the ACE supports rule-based correlation, risk-based correlation, and correlation with flows (the ACE can also run in real-time or historical mode).

2
Q

What is Normalization?

A

It is the act of converting different types of logs into a single common format, which is what makes event correlation across sources possible.

3
Q

How does the correlation engine on an ERC work?

A
  • It analyzes the data flowing from an ESM
  • It detects suspicious patterns within this data
  • It creates correlation alerts
  • The alerts are then inserted into the ERC alerts database
4
Q

What are the two types of correlation engines that an ACE has?

A
  • Risk correlation: a risk detection engine that generates a risk score using ruleless correlation.
  • Rule correlation: a threat detection engine that detects threats using traditional rule-based event correlation.
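The following is an added worked example, not part of the original flashcards and not McAfee's ERC or ACE code. It ties cards 2 through 4 together: two constructed log formats (sshd syslog lines and a made-up CSV logon export) are normalized into one schema, a rule-based correlation fires on a brute-force-then-success pattern, and a ruleless risk score accumulates points per source IP. The field names, the threshold and window, and the scoring weights are all assumptions chosen for illustration.

```python
"""Normalize two heterogeneous log formats into one schema, then run a
rule-based correlation and a simple ruleless risk score over the result.
Constructed example: the log lines and scoring weights are made up, and
the logic is an illustration, not McAfee's ERC/ACE implementation."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: Linux sshd syslog lines and a made-up CSV-style
# Windows logon export, mixed together as a collector would receive them.
RAW_LOGS = [
    "2024-05-01T10:00:01Z sshd[4242]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "2024-05-01T10:00:03Z sshd[4242]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "WINLOGON,2024-05-01T10:00:04Z,4625,Administrator,203.0.113.7,failure",
    "2024-05-01T10:00:05Z sshd[4242]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "2024-05-01T10:00:09Z sshd[4242]: Accepted password for root from 203.0.113.7 port 51025 ssh2",
    "WINLOGON,2024-05-01T10:02:00Z,4624,alice,198.51.100.5,success",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize(line):
    """Map one raw line onto the common event schema (assumed field names),
    or return None if the line is in a format we do not parse."""
    m = SSHD_RE.match(line)
    if m:
        return {
            "ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "src_ip": m["src"],
            "user": m["user"],
            "outcome": "success" if m["result"] == "Accepted" else "failure",
            "source": "sshd",
        }
    if line.startswith("WINLOGON,"):
        _, ts, _event_id, user, src, outcome = line.split(",")
        return {
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src_ip": src,
            "user": user,
            "outcome": outcome,
            "source": "winlogon",
        }
    return None


def normalize_all(lines):
    """Normalize every line, drop unparsed ones, and order by timestamp."""
    events = [normalize(line) for line in lines]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Rule-based correlation: alert when one source IP produces at least
    `threshold` failures followed by a success inside `window`. Because the
    events are normalized, sshd and logon failures count together."""
    alerts = []
    failures = defaultdict(list)
    for e in events:
        src = e["src_ip"]
        if e["outcome"] == "failure":
            failures[src].append(e["ts"])
        elif e["outcome"] == "success":
            recent = [t for t in failures[src] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "rule": "bruteforce_then_success",
                    "src_ip": src,
                    "user": e["user"],
                    "failures": len(recent),
                    "ts": e["ts"],
                })
                failures[src].clear()
    return alerts


def risk_scores(events, weights=None):
    """Ruleless risk scoring: no pattern is defined; each event adds weighted
    points to its source IP and the analyst triages the highest totals.
    Weights and the privileged-account bonus are illustrative assumptions."""
    weights = weights or {"failure": 10, "success": 1}
    scores = defaultdict(int)
    for e in events:
        scores[e["src_ip"]] += weights.get(e["outcome"], 0)
        if e["user"].lower() in ("root", "administrator"):
            scores[e["src_ip"]] += 5
    return dict(scores)


if __name__ == "__main__":
    evs = normalize_all(RAW_LOGS)
    print(rule_bruteforce_then_success(evs))
    print(risk_scores(evs))
```

Note how the two engines differ on the same normalized stream: the rule fires once, only when the exact pattern completes, while the risk score has already singled out 203.0.113.7 after its first few failures and would keep climbing even if the success never occurred.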
5
Q

What dedicated appliance can be deployed alongside the ESM to provide correlation logic that supplements the existing event correlation capabilities?

A

ACE
