Security Operations: Examining investigations data sources and log data Flashcards

1
Q

What are the data sources that support investigations?

A

Dashboard
Vulnerability scans
Automated reports
Packet captures

2
Q

How do logs support investigations?

A

Firewall Logs
IPS/IDS logs
Application logs
Endpoint Logs
Security logs specific to an operating system (OS)
Network logs
Metadata

3
Q

What is involved in dashboards?

A

Dashboard: Typically, these are security dashboards. Examples include:

Microsoft 365 Defender.

Tenable One: Exposure Management Platform.

SolarWinds Security Event Manager.

4
Q

What are vulnerability scans?

A

Vulnerability scans: Systematically identifying and documenting security weaknesses and potential entry points for attackers within a network or system helps in assessing potential breach vectors and vulnerable areas. You will need permission before conducting a scan.

5
Q

Automated reports?

A

Automated reports: Streamlining investigations by providing quick access to structured and up-to-date information facilitates informed decision making and timely responses during cybersecurity incidents or forensic examinations.

6
Q

Packet Captures?

A

Packet captures: Capturing and storing network traffic data enables detailed analysis of network communication patterns, potential threats, and evidence of malicious activity.

7
Q

Firewall logs?

A

Firewall logs: Recording network traffic and security events allows analysts to track, analyze, and detect suspicious or unauthorized activities. This helps identify potential threats and incidents.

8
Q

IPS/IDS logs?

A

IPS/IDS logs: Logs from an intrusion prevention system (IPS) or intrusion detection system (IDS) provide a detailed record of network traffic and intrusion attempts, which aids in the analysis of security incidents and helps security teams respond effectively to threats.

9
Q

Application logs?

A

Application logs: Recording detailed information about application activities and user interactions provides a valuable source of data for analyzing application behavior, identifying issues, and detecting anomalies or security incidents.

10
Q

Endpoint logs?

A

Endpoint logs: Recording detailed information about activities on individual devices offers insights into user behavior, system events, and potential security incidents. This aids in the detection and response to threats.

11
Q

Security logs specific to an operating system (OS)?

A

Security logs specific to an operating system (OS): Providing detailed records of system events, errors, user actions, and security-related activities helps identify and thwart threats.

12
Q

Network logs?

A

Network logs: Capturing critical information about network traffic, connections, and communication patterns helps analysts monitor, detect, and investigate security incidents and troubleshoot network issues.

13
Q

Metadata?

A

Metadata: Providing valuable information about data, such as its origin, timestamp, and interactions, enables investigators to reconstruct events, track sources, and establish timelines during digital forensic analysis.
