SIEM

Question 1

Elastic Search Components

Answer 1

Logstash
Kibana
Beats

Question 2

What is logstash?

Answer 2

Ingest pipeline that enriches the data.

Question 3

What is Kibana

Answer 3

Visualization tool

Question 4

What are beats?

Answer 4

Lightweight single purpose data shippers

Question 5

What is Splunk?

Answer 5

Used for collecting, normalizing, aggregating, and analyzing a lot of data.
Maybe in real time.

Question 6

What are the types of forwarders in Splunk?

Answer 6

Universal forwarder
Heavy forwarder
Light forwarder

Question 7

What is a universal forwarder?

Answer 7

Does not even parse data, just literally forwards it to the next thing.

Question 8

What is a heavy forwarder?

Answer 8

Combination of a universal forwarder and an indexer. FOrwards, indexes, and searches.

Question 9

What is a light forwarder?

Answer 9

Old

Question 10

What is an Indexer in Splunk?

Answer 10

Index incoming data and searches it.

Question 11

What is a splunk dashboard

Answer 11

Collections of search queries. Can be updated in real time.

Question 12

What is a splunk app?

Answer 12

Prepackaged frontend solutions. lots of dashboards.

Question 13

What is netflow?

Answer 13

A feature that allows network administrators to monitor traffic.

Question 14

what is a netflow exporter?

Answer 14

Sends data

Question 15

What is a netflow collector?

Answer 15

Receives netflow data

Question 16

What is a netflow analyzer?

Answer 16

Processes records collected by a flow collector.

Question 17

When is a flow complete?

Answer 17

The flow is inactive
The flow is active but timed out
The flow is terminated by TCP

Question 18

What is nprobe?

Answer 18

A flow exporter

Question 19

Which Splunk component distributes searches, but rarely has indexes of its own

Answer 19

Search head