1. Collection 2. Parsing 3. Evaluation 4. Correlation 5. Tickets managed by SOC

1. QRadar (IBM) 2. ArcSight 3. AlienVault 4. SPLUNK

Module 5,6,7: SIEM and SOAR Flashcards by Jose N FESTIN

SIEM

Security Information Event Management

How well did you know this?

Not at all

Perfectly

NAC

Security Access Control

How well did you know this?

Not at all

Perfectly

SOC

Security Operations Center

How well did you know this?

Not at all

Perfectly

NOC

Network Operations Center

How well did you know this?

Not at all

Perfectly

SIEM Workflow

Collection
Parsing
Evaluation
Correlation
Tickets managed by SOC

How well did you know this?

Not at all

Perfectly

SIEM Software

QRadar (IBM)
ArcSight
AlienVault
SPLUNK

How well did you know this?

Not at all

Perfectly

What is SNORT

Network IDS/IPS

How well did you know this?

Not at all

Perfectly

WAF

Web Application Firewall

How well did you know this?

Not at all

Perfectly

Log Types

Application Logs

2. OS Logs

How well did you know this?

Not at all

Perfectly

Operators

AND, OR, NOT, IN

How well did you know this?

Not at all

Perfectly

Aggregation Alerts

Similar attacks, Brute Force, port scanning

How well did you know this?

Not at all

Perfectly

Correlation Alerts

Different Alerts, single target

How well did you know this?

Not at all

Perfectly

Anomaly Alert

Suspicious Behavior

How well did you know this?

Not at all

Perfectly

SOAR

Security Orchestration Automation and Response

How well did you know this?

Not at all

Perfectly

Demisto

SOAR

How well did you know this?

Not at all

Perfectly

Playbook

Flow of actions to respond to scenarios which may be automated or human response

Brainscape's Knowledge GenomeTM

Module 5,6,7: SIEM and SOAR Flashcards

Brainscape's Knowledge Genome^TM