ESM 11 Product Overview Flashcards

1
Q

What are the 7 components of a Trellix SIEM ESM 11.0?

A

The components of Trellix ESM 11.0 SIEM are:
* Enterprise Security Manager (ESM)
* Advanced Correlation Engine (ACE)
* Application Data Monitor (ADM)
* Database Event Monitor (DEM)
* Enterprise Log Search (ELS)
* Enterprise Log Manager (ELM)
* Event Receiver (ERC)

2
Q

What is the purpose of the ESM?

A

The ESM collects and aggregates data and events from security devices, network infrastructures, systems and applications. Available as hardware or VM.

3
Q

What is the purpose of the ERC?

A

The ERC collects third-party logs, events and flow data for correlation and analysis by the ESM. Available as hardware or VM.

4
Q

What is the purpose of the ELM?

A

The ELM provides compliant log management functions; this can be thought of as cold storage. Available as hardware or VM.

5
Q

What is the purpose of the ELS?

A

The ELS searches for events in any part of the log by creating indexes in the data.

6
Q

What is the purpose of the ACE?

A

The ACE provides correlation to identify and score threat events using rules or risk-based logic. Available as hardware or VM.

7
Q

What is the purpose of the ADM?

A

The ADM monitors more than 500 known applications. Available as hardware only, because of the cluster configuration and the mirror port needed to monitor the traffic.

8
Q

What is the purpose of the DEM?

A

The DEM automates the collection, management, analysis, visualization, and reporting of database access. Available as hardware only, because of the cluster configuration and the mirror port needed to monitor the traffic.

9
Q

In the architectural design of the ESM, what does the Databus (Kafka Stream Bus) refer to?

A

This component refers to the data streaming in the ESM solution; it now provides scalability to 2M+ transactions/second.

10
Q

All the devices that produce alert data, like the ERC and ACE, have a Kafka instance implemented which is connected to the DEM via Snowflex. True or false?

A

True

11
Q

In the architectural design of the ESM, what does the concept of sharding refer to, and which components are related to it?

A

Sharding is a method of horizontal data partitioning that is used to separate very large data models into smaller, faster, more easily managed pieces called data shards. The components related to this are the Databus (Kafka Stream Bus) and the databases.

12
Q

In the new architectural design of the ESM, how does the ACE work?

A

Alerts collected by the ESM are published to the Databus; this data is no longer sent by the ESM to the ACE. The ACE gets it directly from the Databus. After generating the correlated events, the alerts are stored in the alerts database and then published again to the Databus.

13
Q

What are some advantages of Snowflex Replication - HA?

A
  • Increases performance through load-balanced queries
  • Allows use of a Standby ESM instead of the Active ESM in case of failure
  • Support for ESMs in separate datacenters or replication in a single datacenter
  • More than one replica possible if required
14
Q

What are some advantages of Snowflex Scalability?

A
  • Increased performance of ingestion and query speed by combining load balancing with data distribution using shards
  • New data is load-balanced automatically as nodes are added
  • Optimal shard configuration is determined automatically