Security Automation Flashcards
1
Q
SOAR
A
Security Orchestration, Automation and Response (SOAR) tools let an organisation collect threat data from many sources and respond to low-level, well-understood events without human intervention, typically by running predefined playbooks; ambiguous or high-severity cases are escalated to an analyst rather than handled automatically.
SOAR has three important capabilities:
- Threat and vulnerabilities management
- Security incident response
- Security operations automation
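A minimal playbook runner, added here as an illustration of the three capabilities above (it is not code from any SOAR product): an alert is enriched against a threat-intel feed, a low-severity alert with high-confidence intel is contained automatically, and anything else is escalated to a human. The threat-intel feed, asset inventory, alert fields and the 80-point confidence cut-off are all constructed assumptions.

```python
"""Minimal SOAR-style playbook runner (added example, not vendor code).

Maps to the three capabilities on the card:
- threat and vulnerability management: enrich indicators from a threat-intel feed
- security incident response: open a case and escalate when a human is needed
- security operations automation: auto-contain low-level, well-understood events
All feeds and alerts below are constructed sample data.
"""
from dataclasses import dataclass, field

# Constructed threat-intel feed: indicator -> confidence score (0-100)
THREAT_INTEL = {
    "198.51.100.23": 95,   # known scanner
    "203.0.113.9": 40,     # low-confidence sighting
}

# Constructed asset inventory: hosts that must never be touched automatically
CRITICAL_ASSETS = {"db-prod-01", "dc-01"}

AUTO_CONTAIN_MIN_CONFIDENCE = 80   # assumed policy threshold


@dataclass
class Alert:
    name: str
    severity: str          # "low" | "medium" | "high"
    src_ip: str
    host: str


@dataclass
class PlaybookResult:
    alert: Alert
    intel_score: int
    actions: list = field(default_factory=list)
    escalated: bool = False


def enrich(alert):
    """Threat/vulnerability management step: score the source indicator."""
    return THREAT_INTEL.get(alert.src_ip, 0)


def run_playbook(alert, blocklist):
    """Run the playbook; mutates `blocklist` when containment is automated."""
    result = PlaybookResult(alert=alert, intel_score=enrich(alert))
    # Automation boundary: only low-severity alerts backed by high-confidence
    # intel, and not involving a critical asset, are closed without a human.
    auto_ok = (alert.severity == "low"
               and result.intel_score >= AUTO_CONTAIN_MIN_CONFIDENCE
               and alert.host not in CRITICAL_ASSETS)
    if auto_ok:
        blocklist.add(alert.src_ip)
        result.actions.append(f"block {alert.src_ip} at perimeter firewall")
        result.actions.append("close alert as auto-contained")
    else:
        # Incident response step: hand off with the enrichment attached
        result.escalated = True
        result.actions.append(
            f"open case for analyst review (intel score {result.intel_score})")
    return result


if __name__ == "__main__":
    blocklist = set()
    for a in (Alert("port scan", "low", "198.51.100.23", "web-01"),
              Alert("port scan", "low", "198.51.100.23", "dc-01"),
              Alert("malware beacon", "high", "203.0.113.9", "web-01")):
        r = run_playbook(a, blocklist)
        print(a.name, a.host, "escalated" if r.escalated else "auto-contained", r.actions)
    print("blocklist:", blocklist)
```

The point of the `auto_ok` guard is that automation is bounded by policy, not by what the tool can do: the same scanner hitting a domain controller is escalated instead of triggering an automatic block that could disrupt a critical service.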
2
Q
SIEM
A
Security Information and Event Management (SIEM) systems use log collectors to aggregate log data from sources such as security devices, network devices, servers and applications. These sources can generate a very large number of events per day, so a SIEM normalises the logs into a common schema and reduces the volume by combining similar events (for example, repeated failed logins from one address within a short window) into a single record with a count.
The SIEM then correlates the aggregated events, flags deviations from the baseline and raises alerts; any automated response is usually handed to a SOAR playbook or to an analyst.
The goals of a SIEM system for security monitoring are:
- Identify internal and external threats
- Monitor activity and resource usage
- Conduct compliance reporting for audits
- Support incident response
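A toy SIEM pipeline, added as a worked example (not any vendor's code): two constructed log sources in different formats are normalised into one schema, similar events are collapsed into counted records, and two simple rules flag deviations. The log lines, the assumed log year, the firewall CSV format and the per-minute thresholds are all assumptions made for the example.

```python
"""Toy SIEM pipeline (added example): collect -> normalise -> aggregate -> detect.

Log lines are constructed samples in two formats (sshd syslog and a firewall
CSV); thresholds and the syslog year are assumptions for the example.
"""
import re
from datetime import datetime

SSHD_YEAR = 2024                # assumption: syslog timestamps carry no year
AUTH_FAIL_PER_MINUTE = 3        # assumed baseline; tune per environment
SCAN_PORTS_PER_MINUTE = 3

SSHD_FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample logs: (collector name, raw line)
RAW_LOGS = [
    ("sshd", "Mar 10 10:00:01 bastion sshd[4021]: Failed password for root from 198.51.100.23 port 51234 ssh2"),
    ("sshd", "Mar 10 10:00:02 bastion sshd[4021]: Failed password for root from 198.51.100.23 port 51235 ssh2"),
    ("sshd", "Mar 10 10:00:04 bastion sshd[4022]: Failed password for root from 198.51.100.23 port 51236 ssh2"),
    ("sshd", "Mar 10 10:00:07 bastion sshd[4023]: Failed password for root from 198.51.100.23 port 51237 ssh2"),
    ("sshd", "Mar 10 10:03:15 bastion sshd[4030]: Failed password for alice from 203.0.113.9 port 40222 ssh2"),
    ("sshd", "Mar 10 10:03:16 bastion sshd[4030]: Accepted password for alice from 203.0.113.9 port 40222 ssh2"),
    ("firewall", "2024-03-10T10:01:00,DENY,198.51.100.23,10.0.0.5,23"),
    ("firewall", "2024-03-10T10:01:01,DENY,198.51.100.23,10.0.0.5,3389"),
    ("firewall", "2024-03-10T10:01:02,DENY,198.51.100.23,10.0.0.5,445"),
    ("firewall", "2024-03-10T10:01:03,ALLOW,203.0.113.9,10.0.0.5,443"),
]


def normalise(source, line):
    """Map one raw line to the common event schema; None if not security-relevant."""
    if source == "sshd":
        m = SSHD_FAIL_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(f"{SSHD_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "source": source, "type": "auth_failure",
                "src_ip": m["ip"], "user": m["user"], "dst_port": None}
    if source == "firewall":
        # assumed CSV layout: timestamp,action,src_ip,dst_ip,dst_port
        ts, action, src, _dst, port = line.split(",")
        if action != "DENY":
            return None
        return {"ts": datetime.fromisoformat(ts), "source": source, "type": "fw_deny",
                "src_ip": src, "user": None, "dst_port": int(port)}
    return None


def collect(raw_logs):
    events = []
    for source, line in raw_logs:
        event = normalise(source, line)
        if event is not None:
            events.append(event)
    return events


def aggregate(events):
    """Collapse events sharing type, source IP, user and minute into one counted record."""
    buckets = {}
    for e in events:
        minute = e["ts"].replace(second=0, microsecond=0)
        key = (e["type"], e["src_ip"], e["user"], minute)
        rec = buckets.setdefault(key, {"type": e["type"], "src_ip": e["src_ip"],
                                       "user": e["user"], "minute": minute,
                                       "count": 0, "ports": set()})
        rec["count"] += 1
        if e["dst_port"] is not None:
            rec["ports"].add(e["dst_port"])
    return list(buckets.values())


def detect(aggregated):
    """Flag aggregated records that exceed the assumed per-minute baselines."""
    alerts = []
    for rec in aggregated:
        if rec["type"] == "auth_failure" and rec["count"] >= AUTH_FAIL_PER_MINUTE:
            alerts.append({"rule": "ssh_brute_force", "src_ip": rec["src_ip"],
                           "user": rec["user"], "count": rec["count"]})
        if rec["type"] == "fw_deny" and len(rec["ports"]) >= SCAN_PORTS_PER_MINUTE:
            alerts.append({"rule": "port_scan", "src_ip": rec["src_ip"],
                           "ports": sorted(rec["ports"])})
    return alerts


def run_pipeline(raw_logs=RAW_LOGS):
    events = collect(raw_logs)
    aggregated = aggregate(events)
    return {"raw": len(raw_logs), "events": len(events),
            "aggregated": len(aggregated), "alerts": detect(aggregated)}


if __name__ == "__main__":
    print(run_pipeline())
```

On the sample data the ten raw lines become eight normalised events and three aggregated records, and both alerts point at the same source address; keying the aggregation on the minute bucket is what keeps the volume reduction from also hiding the burst pattern the rules need.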