Unit 2 - Module 3 Flashcards
What are 3 Common Log Sources?
1) Firewall Logs
2) Network Logs
3) Server Logs
A firewall log records what kind of traffic and what kind of requests?
Incoming traffic from the internet and outbound requests to the internet.
A network log records what two kinds of information?
1) All computers and devices connected to the network.
2) Connections between devices and services on the network.
A server log records what? What actions does it include?
1) Events from services such as websites, emails, or file shares.
2) Actions such as login, password, and username requests.
What does SIEM tool stand for?
Security Information and Event Management
What does a SIEM tool do?
Collects and analyzes log data to monitor critical activities.
Define SIEM metrics
Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application.
What does SOAR stand for?
Security orchestration, automation, and response.
What is SOAR made up of and what does it do?
1) A collection of applications, tools, and workflows.
2) Uses automation to respond to security incidents.
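As an added worked example (not part of the original flashcards and not any vendor's SIEM or SOAR code), the following Python script ties the cards above together: the three log sources are collected into one normalized event stream, a SIEM-style analysis rule is run over it (correlating the server log with the firewall log), a simple failure-rate metric is computed, and a SOAR-style playbook turns the resulting alert into automated response actions. All log lines, regexes, field names, the "5 failed logins within 60 seconds" rule, and the action names are constructed assumptions for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log lines, one format per source (not real logs).
FIREWALL_LOGS = [
    "2024-03-01T10:00:01Z fw01 action=ALLOW dir=in src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:00:05Z fw01 action=ALLOW dir=in src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T10:01:00Z fw01 action=ALLOW dir=out src=10.0.0.12 dst=198.51.100.9 dport=443",
]
NETWORK_LOGS = [
    "2024-03-01T10:00:00Z dhcp lease 10.0.0.5 mac=00:11:22:33:44:55 host=srv-web",
    "2024-03-01T10:00:03Z conn 10.0.0.5 -> 10.0.0.20:3306 proto=tcp",
]
SERVER_LOGS = [
    "2024-03-01T10:00:02Z srv-web sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:03Z srv-web sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:04Z srv-web sshd: Failed password for root from 203.0.113.7",
    "2024-03-01T10:00:06Z srv-web sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:07Z srv-web sshd: Failed password for admin from 203.0.113.7",
    "2024-03-01T10:00:08Z srv-web sshd: Accepted password for admin from 203.0.113.7",
    "2024-03-01T10:05:00Z srv-web sshd: Failed password for alice from 192.0.2.4",
]

@dataclass
class Event:
    """Common schema every source is normalized into (assumed here, not a standard)."""
    ts: datetime
    source: str                    # "firewall" | "network" | "server"
    src_ip: Optional[str]
    user: Optional[str] = None
    outcome: Optional[str] = None  # "failed" | "success" for login events only

FW_RE = re.compile(r"^(\S+) \S+ action=(\w+) dir=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
NET_CONN_RE = re.compile(r"^(\S+) conn (\S+) -> (\S+):(\d+) proto=(\w+)$")
NET_LEASE_RE = re.compile(r"^(\S+) dhcp lease (\S+) mac=(\S+) host=(\S+)$")
SRV_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def parse_firewall(line):
    m = FW_RE.match(line)
    return Event(_ts(m[1]), "firewall", m[4]) if m else None

def parse_network(line):
    m = NET_CONN_RE.match(line) or NET_LEASE_RE.match(line)
    return Event(_ts(m[1]), "network", m[2]) if m else None

def parse_server(line):
    m = SRV_RE.match(line)
    if not m:
        return None
    return Event(_ts(m[1]), "server", m[5], user=m[4],
                 outcome="failed" if m[3] == "Failed" else "success")

def collect(fw_lines, net_lines, srv_lines):
    """SIEM collection: parse every source and merge into one time-ordered stream.
    Unparseable lines are dropped; a real SIEM would count them as ingestion errors."""
    parsers = ((fw_lines, parse_firewall), (net_lines, parse_network), (srv_lines, parse_server))
    events = [ev for lines, p in parsers for ev in map(p, lines) if ev is not None]
    return sorted(events, key=lambda e: e.ts)

def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """SIEM analysis (assumed rule): alert on >= `threshold` failed logins from one IP
    inside `window`; escalate to high if that IP then logs in successfully. The alert is
    enriched with how often the firewall log saw the same source IP."""
    fw_hits = Counter(e.src_ip for e in events if e.source == "firewall")
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = {}
    for ev in events:
        if ev.source != "server" or ev.outcome is None:
            continue
        q = failures[ev.src_ip]
        if ev.outcome == "failed":
            q.append(ev.ts)
            while q and ev.ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ev.src_ip not in alerts:
                alerts[ev.src_ip] = {"src_ip": ev.src_ip, "failures": len(q),
                                     "firewall_hits": fw_hits[ev.src_ip], "severity": "medium"}
        elif ev.src_ip in alerts:             # a success after the burst of failures
            alerts[ev.src_ip].update(severity="high", compromised_user=ev.user)
    return alerts

def login_failure_rate(events):
    """A 'failure rate' metric over the login events in the stream (0.0 if none)."""
    auth = [e for e in events if e.outcome is not None]
    return sum(e.outcome == "failed" for e in auth) / len(auth) if auth else 0.0

def run_playbook(alerts):
    """SOAR-style playbook: map each alert to automated response actions.
    Action names are hypothetical; a real playbook would call firewall and IdP APIs."""
    actions = []
    for a in alerts.values():
        actions.append(("block_ip", a["src_ip"]))
        if a["severity"] == "high":
            actions.append(("disable_account", a["compromised_user"]))
    return actions

if __name__ == "__main__":
    evs = collect(FIREWALL_LOGS, NETWORK_LOGS, SERVER_LOGS)
    print(f"{len(evs)} events, login failure rate {login_failure_rate(evs):.2f}")
    for act in run_playbook(detect_brute_force(evs)):
        print("playbook action:", act)
```

On the constructed input the rule fires once for 203.0.113.7 (five failures in six seconds followed by a successful login as admin), the firewall log independently confirms two inbound hits from that IP, and the playbook emits a block-IP action followed by a disable-account action. The split between `detect_brute_force` (SIEM) and `run_playbook` (SOAR) is the point of the two cards: the SIEM decides that something happened, the SOAR decides what to do about it.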
What are 3 types of SIEM tools?
Self-Hosted
Cloud-hosted
Hybrid
1) What is Splunk Enterprise? 2) How is it hosted? 3) What does it do?
1) A SIEM tool
2) Self-hosted
3) Retains, analyzes, and searches an organization's log data.
1) What is Splunk Cloud? 2) How is it hosted? 3) What does it do?
1) A SIEM tool
2) Cloud-hosted
3) Retains, analyzes, and searches an organization's log data.
1) What is Chronicle? 2) How is it hosted? 3) What does it do?
1) A SIEM tool
2) Cloud-native
3) Retains, analyzes, and searches an organization's log data.
What is the Security posture dashboard?
Monitors and investigates potential threats in real time; it displays activity from the last 24 hours.
What is the Executive summary dashboard?
This dashboard analyzes and monitors the overall health of the organization over time.
1) What is the Incident review dashboard? 2) How can it be helpful after an incident?
1) This dashboard allows analysts to identify suspicious patterns that can occur in the event of an incident.
2) This dashboard can be very helpful because it provides a visual timeline of the events leading up to an incident.
What does the Risk Analysis Dashboard help with?
The risk analysis dashboard helps analysts identify risk for each risk object (e.g., a specific user, a computer, or an IP address).
What is the Enterprise insights dashboard?
This dashboard highlights recent alerts, identifying suspicious domain names in logs, known as indicators of compromise (IOCs).
What is the Data ingestion and health dashboard?
The data ingestion and health dashboard shows the number of event logs, log sources, and success rates of data being processed into Chronicle.
What is the IOC matches dashboard?
The IOC matches dashboard indicates the top threats, risks, and vulnerabilities to the organization.
What is the Main dashboard?
The main dashboard displays a high-level summary of information related to the organization’s data ingestion, alerting, and event activity over time.
What is the Rule detections dashboard?
The rule detections dashboard provides statistics related to incidents with the highest occurrences, severities, and detections over time.
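Two of the dashboards above, risk analysis (risk per risk object such as a user, computer, or IP address) and rule detections (occurrences and severities per rule over time), are both aggregations over alerts the SIEM has already produced. The following Python is an added example of that aggregation logic, written for these flashcards; it is not Splunk's or Chronicle's implementation. The risk events, scores, rule names, and the "score of at least 100 contributed by at least two distinct rules" notable threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed risk events: each is what one correlation rule wrote against a risk object.
RISK_EVENTS = [
    {"ts": "2024-03-01T09:10:00Z", "rule": "Excessive Failed Logins", "severity": "low",
     "object_type": "user", "object": "admin", "score": 20},
    {"ts": "2024-03-01T09:12:00Z", "rule": "Login From Rare Country", "severity": "medium",
     "object_type": "user", "object": "admin", "score": 40},
    {"ts": "2024-03-01T09:30:00Z", "rule": "New Scheduled Task", "severity": "medium",
     "object_type": "system", "object": "srv-web", "score": 30},
    {"ts": "2024-03-01T10:05:00Z", "rule": "Excessive Failed Logins", "severity": "low",
     "object_type": "user", "object": "alice", "score": 20},
    {"ts": "2024-03-01T10:20:00Z", "rule": "Outbound To Known Bad IP", "severity": "high",
     "object_type": "user", "object": "admin", "score": 60},
    {"ts": "2024-03-01T10:25:00Z", "rule": "Excessive Failed Logins", "severity": "low",
     "object_type": "user", "object": "bob", "score": 20},
]
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def risk_by_object(events):
    """Risk analysis view: total score and contributing rules per (object_type, object)."""
    totals = defaultdict(lambda: {"score": 0, "rules": set()})
    for e in events:
        key = (e["object_type"], e["object"])
        totals[key]["score"] += e["score"]
        totals[key]["rules"].add(e["rule"])
    return dict(totals)

def risk_notables(events, score_threshold=100, min_distinct_rules=2):
    """Turn aggregated risk into notables (assumed policy): an object becomes notable only
    when its score crosses the threshold AND several different rules contributed, so one
    noisy rule such as repeated failed logins cannot page an analyst on its own."""
    out = []
    for (otype, obj), agg in risk_by_object(events).items():
        if agg["score"] >= score_threshold and len(agg["rules"]) >= min_distinct_rules:
            out.append({"object_type": otype, "object": obj,
                        "score": agg["score"], "rules": sorted(agg["rules"])})
    return sorted(out, key=lambda n: -n["score"])

def rule_detection_stats(events):
    """Rule detections view: per-rule occurrence count, highest severity, detections per hour."""
    stats = defaultdict(lambda: {"count": 0, "max_severity": "low", "per_hour": defaultdict(int)})
    for e in events:
        s = stats[e["rule"]]
        s["count"] += 1
        if SEVERITY_RANK[e["severity"]] > SEVERITY_RANK[s["max_severity"]]:
            s["max_severity"] = e["severity"]
        s["per_hour"][e["ts"][:13]] += 1      # bucket key is "YYYY-MM-DDTHH"
    return {rule: {"count": s["count"], "max_severity": s["max_severity"],
                   "per_hour": dict(s["per_hour"])} for rule, s in stats.items()}

if __name__ == "__main__":
    for n in risk_notables(RISK_EVENTS):
        print("notable:", n)
    for rule, s in rule_detection_stats(RISK_EVENTS).items():
        print(f"{rule}: {s['count']} detections, max severity {s['max_severity']}")
```

On the constructed events only the user admin becomes notable (20 + 40 + 60 = 120 from three different rules), while alice, bob and srv-web each carry a single low contribution and stay below the line; the rule statistics show "Excessive Failed Logins" as the most frequent rule, which is exactly the alert-fatigue case the distinct-rules requirement is meant to absorb.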