Module 4 Flashcards
what are logs?
a record of events that occur within an organization's systems; the source of data that SIEM tools are designed to organize
what are SIEM tools? what does SIEM stand for?
Security Information and Event Management. An application that collects and analyzes log data to monitor critical activities in an organization
What is Splunk? What does Splunk Enterprise do?
a data analysis platform; Splunk Enterprise provides SIEM solutions
What is SIEM Enterprise?
a self-hosted tool used to retain, analyze, and search an organization's log data
What is Chronicle?
a **cloud-native** SIEM tool that stores security data for search and analysis
From Google
What is cloud-native?
Chronicle allows for fast delivery of new features
What do security analysts use SIEM tools for?
- analyze filtered events and patterns
- perform incident analysis
- proactively search for threats
What are playbooks?
a manual that provides details about any operational action
What is the official term for a packet sniffer? What is it?
Network Protocol Analyzer. A tool designed to capture and analyze data traffic within a network
What is a dashboard?
tool used to visually communicate information or data
What are common types of packet sniffers?
- TCP Dump
- Wireshark
What are two types of playbooks?
- chain of custody
- protecting and preserving evidence
what is chain of custody?
the process of documenting evidence possession and control during an incident lifecycle
What is the Protecting and Preserving Evidence playbook?
the process of properly working with fragile and volatile digital evidence