Investigative Data Flashcards
What security tool collects data from multiple sources to provide real-time analysis of security alerts generated on both network hardware and applications?
Security Information and Event Management (SIEM)
What type of file records events that occur on an OS, in applications, or messages between users?
Log Files
What are the different type of log files?
- Network
- System
- Application
- Web
- DNS
- Authentication
- Dump files (written when a process or the OS crashes)
- VoIP and call manager logs
What are the 3 variations of syslog and which came first through last?
- syslog (oldest)
- rsyslog
- syslog-ng (latest)
Note: syslog is the protocol and logging daemon that lets hosts forward their log messages to a central log server (a collector). rsyslog and syslog-ng are the newer Linux/Unix implementations; they run only on Linux/Unix
Exam Tip: Just know the order of oldest to latest
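To show what a central collector or SIEM actually does with forwarded syslog, here is an added example (not part of the original flashcard set, and not code from any syslog project) that parses RFC 5424 lines, decodes the PRI value into facility and severity, and counts failed SSH logins per source address. The sample log lines are constructed for this example; the function names (decode_pri, parse_syslog, failed_logins_by_source, hosts_with_brute_force) are assumptions made here.

```python
import re
from collections import Counter

# Facility and severity names from RFC 5424: facility = PRI // 8, severity = PRI % 8.
# Codes 12-15 are reserved for system use; the names used for them here are conventional.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)

# Constructed sample lines for this example (not taken from any real host).
SAMPLE_LOGS = """\
<38>1 2024-01-15T10:01:02Z web01 sshd 1201 - - Failed password for invalid user admin from 203.0.113.5 port 51522 ssh2
<38>1 2024-01-15T10:01:04Z web01 sshd 1201 - - Failed password for root from 203.0.113.5 port 51530 ssh2
<38>1 2024-01-15T10:01:09Z web01 sshd 1203 - - Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2
<86>1 2024-01-15T10:02:00Z db01 sudo 990 - - alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/systemctl restart postgresql
<134>1 2024-01-15T10:02:30Z web01 nginx 1450 - - 203.0.113.5 - - "GET /login HTTP/1.1" 200 512
"""


def decode_pri(pri: int) -> tuple:
    """Split a PRI value into (facility name, severity name)."""
    facility, severity = divmod(pri, 8)
    if facility >= len(FACILITIES):
        raise ValueError(f"invalid PRI value {pri}")
    return FACILITIES[facility], SEVERITIES[severity]


def parse_syslog(line: str) -> dict:
    """Parse one RFC 5424 line into a dict of header fields plus facility/severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 line: {line!r}")
    rec = m.groupdict()
    rec["facility"], rec["severity"] = decode_pri(int(rec["pri"]))
    rec["msg"] = rec["msg"] or ""
    return rec


FAILED_LOGIN_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def failed_logins_by_source(log_text: str) -> Counter:
    """Count sshd failed-password events per source IP (the correlation a SIEM rule does)."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_syslog(line)
        # Only look at auth-facility messages from sshd; ignore web and sudo noise.
        if rec["app"] != "sshd" or rec["facility"] != "auth":
            continue
        m = FAILED_LOGIN_RE.search(rec["msg"])
        if m:
            hits[m.group("src")] += 1
    return hits


def hosts_with_brute_force(log_text: str, threshold: int = 2) -> list:
    """Source IPs whose failed-login count reaches the threshold (an alert candidate)."""
    return sorted(src for src, n in failed_logins_by_source(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for line in SAMPLE_LOGS.splitlines():
        r = parse_syslog(line)
        print(f"{r['facility']}.{r['severity']:<7} {r['host']:<6} {r['app']:<6} {r['msg'][:60]}")
    print("failed logins by source:", dict(failed_logins_by_source(SAMPLE_LOGS)))
    print("brute-force candidates:", hosts_with_brute_force(SAMPLE_LOGS))
```

The PRI decoding is the part people get wrong in practice: `<38>` is facility 4 (auth) at severity 6 (info), so a rule that filters on severity alone would never see failed logins, because most daemons log them at info or notice.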
What Linux command line utility is used to query and display logs from “journald”?
journalctl
Note: journald is the “systemd” logging service on Linux
Note: the “d” means daemon
Note: daemon = a background service process (the trailing “d” is the Linux/Unix naming convention for one)
What is the multi-platform log management tool that helps identify security risks, policy breaches, or analyze problems in server, operating system, and application logs?
nxlog
Note: It is cross-platform and open source (Community Edition). It functions similarly to syslog-ng but, unlike syslog-ng, it also runs on Windows
What network protocol, created by Cisco, collects inbound and outbound IP network traffic records, including each flow's point of origin, destination, volume, and path through the network?
NetFlow
Note: This is not packet capture. It records flow metadata (source, destination, ports, protocol, byte and packet counts, timestamps) rather than payloads, so it answers questions like who is using the most bandwidth and where they are connecting, but cannot show what was sent
What is the open-standard, sampling-based alternative to NetFlow that exports truncated packets?
sFlow (Sampled Flow)
Note: “Sampled” means the exporter picks only 1 in N packets; “truncated” means it sends only the first bytes (the headers) of each sampled packet, plus interface counters. The collector scales the samples back up to estimate totals, so sFlow figures are estimates, not exact counts
What protocol has the ability to track how much bandwidth is being used via routers and other devices in order to facilitate billing and accounting?
Internet Protocol Flow Information Export (IPFIX)
Note: IPFIX is the IETF standard derived from NetFlow version 9. Think of it as the way mobile phone companies meter how much data you use; the same per-flow byte counts are used for security monitoring as well
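As an added example (not part of the original flashcards, and not code from any NetFlow, sFlow, or IPFIX implementation) covering the NetFlow, sFlow, and IPFIX cards above: a small collector-side aggregation over flow records that answers the “who uses the most bandwidth and where do they connect” question, plus the scale-up arithmetic a collector applies to sFlow's 1-in-N samples. The flow records and sample frame lengths are constructed for this example; the Flow class and function names are assumptions made here.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One exported flow record: the 5-tuple plus counters, no payload."""
    src: str
    dst: str
    dport: int
    proto: str
    packets: int
    octets: int


# Constructed flow records for this example (what a collector would receive
# from a NetFlow/IPFIX exporter; addresses are documentation ranges).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.20", 443, "tcp", 1200, 1_500_000),
    Flow("10.0.0.5", "198.51.100.21", 443, "tcp", 300, 400_000),
    Flow("10.0.0.9", "203.0.113.77", 4444, "tcp", 90, 12_000),
    Flow("10.0.0.9", "203.0.113.77", 4444, "tcp", 85, 11_500),
    Flow("10.0.0.12", "10.0.0.53", 53, "udp", 40, 4_000),
]


def octets_by_source(flows):
    """Total bytes sent per source address (the billing/accounting view)."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.octets
    return dict(totals)


def top_talkers(flows, n=3):
    """The n sources with the most bytes sent, highest first."""
    return sorted(octets_by_source(flows).items(), key=lambda kv: kv[1], reverse=True)[:n]


def destinations_for(flows, src):
    """Distinct (destination, port, protocol) endpoints a source talked to."""
    return {(f.dst, f.dport, f.proto) for f in flows if f.src == src}


def estimate_octets_from_sflow(sampled_frame_lengths, sampling_rate):
    """sFlow exports 1-in-N sampled frames; multiply the sampled bytes by N to
    estimate the bytes that actually crossed the interface."""
    return sum(sampled_frame_lengths) * sampling_rate


# Constructed sFlow samples: frame lengths of packets picked at a 1-in-1000 rate.
SFLOW_SAMPLES = [1500, 1500, 64, 1500]
SFLOW_RATE = 1000


if __name__ == "__main__":
    print("top talkers:", top_talkers(SAMPLE_FLOWS))
    print("10.0.0.9 talks to:", destinations_for(SAMPLE_FLOWS, "10.0.0.9"))
    print("sFlow estimate (bytes):", estimate_octets_from_sflow(SFLOW_SAMPLES, SFLOW_RATE))
```

Note the metadata-only nature of the input: the records tell you that 10.0.0.9 repeatedly contacted 203.0.113.77 on port 4444, which is enough to raise a question, but not what was exchanged; confirming that requires a packet capture.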
What is data that describes other data by providing a definition or summary of its basic properties?
Metadata
Note: Think of your phone bill: it shows who you called and for how long, but not what was said. Flow records are network metadata in exactly that sense