Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

06 Sound the Alarm: Detection and Response > MD4 Overview of security information event management (SIEM) tools: Reexamine SIEM tools > Flashcards

MD4 Overview of security information event management (SIEM) tools: Reexamine SIEM tools Flashcards

1
Q

SIEM

A

SIEM is an application that collects and analyzes log data to monitor critical activities in an organization. It does this by collecting, analyzing, and reporting on security data from multiple sources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

SIEM process for data collection

A

Previously, you learned about the SIEM process for data collection. Let’s revisit this process. First, SIEM tools COLLECT AND PROCESS enormous amounts of data generated by devices and systems from all over an environment. Not all data is the same. As you already know, devices generate data in different formats. This can be challenging because there is no unified format to represent the data. SIEM tools make it easy for security analysts to read and analyze data by NORMALIZING it. Raw data gets processed, so that it’s formatted consistently and only relevant event information is included. Finally, SIEM tools INDEX the data, so it can be accessed through search. All of the events across all the different sources can be accessed with your fingertips.

SIEM tools make it easy to quickly access and analyze the data flows happening across networks in an environment. As a security analyst, you may encounter different SIEM tools. It’s important that you’re able to adjust and adapt to whichever tool your organization ends up using. With that in mind, let’s explore some SIEM tools currently used in the security industry.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

SPLUNK

A

Splunk is a data analysis platform. Splunk Enterprise Security provides SIEM solutions that let you search, analyze, and visualize security data. First, it collects data from different sources. That data gets processed and stored in an index. Then, it can be accessed in a variety of different ways, like through search.

SPLUNK

CHRONICLE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Chronicle is Google Cloud’s SIEM, which stores security data for search, analysis, and visualization. First, data gets forwarded to Chronicle. This data then gets normalized, or cleaned up, so it’s easier to process and index. Finally, the data becomes available to be accessed through a search bar.

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

06 Sound the Alarm: Detection and Response (51 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions