Security Information and Event Management (SIEM)

Question 1

What is a SIEM?

Answer 1

Security Information Event Management

solution that provides real-time or near real-time analysis of your security alerts that are being generated by network hardware and applications.

Question 2

What is an Agent?

Answer 2

small piece of software that’s going to be installed on each system, such as a server or workstation from which the SIEM needs to gather and collect log data.

Question 3

What is Agentless Installation?

Answer 3

Under this approach, the SIEM system will directly collect log data from each system using a standard protocol like SNMP or WMI.

Question 4

What is Splunk?

Answer 4

market-leading big data information-gathering and analysis tool that can import machine-generated data via a connector or a visibility add-on.

Question 5

What ELK (Elastic Stack)?

Answer 5

collection of free and open source SIEM tools that provide storage, search, and analysis functions.

Question 6

What is ArcSight?

Answer 6

SIEM log management and analytics software that can be used for compliance reporting for legislation and regulations like HIPAA, SOX and PCI DSS

Question 7

What is QRadar?

Answer 7

SIEM log management analytics and compliance reporting platform, but this one was created by IBM.