Investigating with Data Flashcards

1
Q

SIEM

A

Security Information and Event Monitoring

2
Q

What does a SIEM do?

A

Combination of different data sources into one tool that provides real-time analysis of security alerts generated by security applications and hardware

3
Q

Why are log reviews important?

A

Critical for security assurance; logs should be reviewed regularly and routinely, not just after an incident or as part of an incident response

4
Q

SIEM Functionality

A

Correlates and analyzes log data, consolidates data from various systems into a centralized database or repository, detects patterns indicating security threats, and generates alerts for security teams to investigate

5
Q

Agent-Based vs. Agentless SIEM

A

Agent-Based and Agentless

6
Q

Agent-based

A

Software agents installed on each system collect and send log data; provides real-time data and detailed information

7
Q

Agentless

A

Log data is collected directly from systems using standard protocols; reduces maintenance but may not collect real-time or detailed data

8
Q

SIEM implementation considerations

A

Log all relevant events and filter out irrelevant data, establish and document the scope of events, develop use cases to define threats, plan incident response actions for different events, establish a ticketing process to track flagged events, schedule regular threat hunting to detect unnoticed events, and provide auditors and analysts with an evidence trail

9
Q

Common SIEM Solutions

A

Splunk, ELK (Elastic Stack), ArcSight, and QRadar

10
Q

Splunk

A

Big data information gathering and analysis tool, offers connectors for various data systems, and provides search processing language for data analysis

11
Q

ELK

A

Collection of free and open-source SIEM tools such as Elasticsearch, Logstash, Kibana, and Beats

12
Q

ArcSight

A

SIEM log management and analytics software, suitable for compliance reporting for regulations like HIPAA, SOX, and PCI DSS

13
Q

QRadar

A

A SIEM log management, analytics, and compliance reporting platform created by IBM; offers a dashboard for data visualization and analysis
