Unit 2 - Module 3 Flashcards
What are 3 Common Log Sources?
1) Firewall Logs
2) Network Logs
3) Server Logs
A firewall log records what kind of traffic and what kind of requests?
Incoming network traffic (requests to access the network) and outbound requests (connections going out to the internet).
A network log records what 2 connections?
1) Records all computers and devices connected to the network.
2) Records connections between devices and services.
What does a server log record, and what actions does it include?
1) Events from servers that provide services such as websites, email, or file shares.
2) Actions such as login, password, and username requests.
What does SIEM tool stand for?
Security Information and Event Management
What does a SIEM tool do?
Collects and analyzes log data to monitor critical activities.
Define SIEM metrics
Measurements such as response time, availability, and failure rate, which are used to assess the performance of a software application (and are displayed on SIEM dashboards).
What does SOAR stand for?
Security orchestration, automation, and response.
What is SOAR made up of and what does it do?
1) Collection of applications, tools, and workflows.
2) Uses automation to respond to security incidents.
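The cards above describe the pipeline in words: log sources (firewall, server) feed a SIEM, which analyzes the events and reports metrics such as failure rate, and a SOAR playbook then automates the response. The following is an added example, not code from the flashcards or from any SIEM/SOAR vendor, showing that pipeline end to end in miniature. The log lines are constructed sample data, the log formats, the regexes, the failed-login threshold of 3, and the INC-nnnn ticket naming are all assumptions made for the example.

```python
"""Toy SIEM + SOAR pipeline (added example, not from the original page).

Ingests constructed firewall and server log lines, correlates failed logins
with firewall ALLOW records per source IP, reports a login failure-rate metric,
and emits SOAR-style block actions instead of paging a human.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic). The line formats are an
# assumption for this example; real firewalls and sshd use their own formats.
FIREWALL_LOGS = [
    "2024-05-01T10:00:01Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:05Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:09Z fw01 DENY src=198.51.100.9 dst=10.0.0.5 dport=3389",
    "2024-05-01T10:01:00Z fw01 ALLOW src=192.0.2.44 dst=10.0.0.5 dport=22",
]
SERVER_LOGS = [
    "2024-05-01T10:00:02Z srv05 sshd LOGIN_FAILED user=admin src=203.0.113.7",
    "2024-05-01T10:00:04Z srv05 sshd LOGIN_FAILED user=root src=203.0.113.7",
    "2024-05-01T10:00:06Z srv05 sshd LOGIN_FAILED user=admin src=203.0.113.7",
    "2024-05-01T10:00:08Z srv05 sshd LOGIN_FAILED user=admin src=203.0.113.7",
    "2024-05-01T10:01:01Z srv05 sshd LOGIN_OK user=alice src=192.0.2.44",
    "this line is garbage and should be skipped, not crash the pipeline",
]

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)
SRV_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<service>\S+) "
    r"(?P<event>LOGIN_FAILED|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines, pattern, source):
    """SIEM collection step: normalize raw lines into event dicts.

    Lines that do not match are skipped; a real SIEM would route them to an
    'unparsed' bucket rather than silently dropping them.
    """
    events = []
    for line in lines:
        m = pattern.match(line)
        if m is None:
            continue
        event = m.groupdict()
        event["source"] = source  # remember which log source produced it
        events.append(event)
    return events


def login_failure_rate(server_events):
    """SIEM metric: fraction of login attempts that failed (0.0 if none seen)."""
    attempts = [e for e in server_events if e["event"] in ("LOGIN_FAILED", "LOGIN_OK")]
    if not attempts:
        return 0.0
    failed = sum(1 for e in attempts if e["event"] == "LOGIN_FAILED")
    return failed / len(attempts)


def detect_brute_force(server_events, firewall_events, threshold=3):
    """SIEM analysis step: correlate the two log sources.

    Flags a source IP when the server log shows >= threshold failed logins AND
    the firewall log confirms that IP was actually allowed through.
    """
    failures = defaultdict(int)
    for e in server_events:
        if e["event"] == "LOGIN_FAILED":
            failures[e["src"]] += 1
    allowed = {e["src"] for e in firewall_events if e["action"] == "ALLOW"}
    return sorted(ip for ip, n in failures.items() if n >= threshold and ip in allowed)


def soar_respond(offenders):
    """SOAR playbook step: turn detections into automated actions.

    The ticket naming scheme is an assumption for the example.
    """
    return [
        {"action": "block_ip", "ip": ip, "ticket": f"INC-{i + 1:04d}"}
        for i, ip in enumerate(offenders)
    ]


def run_pipeline():
    """Collect -> analyze -> respond, returning everything a dashboard would show."""
    fw = parse(FIREWALL_LOGS, FW_RE, "firewall")
    srv = parse(SERVER_LOGS, SRV_RE, "server")
    offenders = detect_brute_force(srv, fw)
    return {
        "failure_rate": login_failure_rate(srv),
        "offenders": offenders,
        "actions": soar_respond(offenders),
    }


if __name__ == "__main__":
    print(run_pipeline())
```

The point of correlating the two sources is that neither alone is enough: the firewall only sees that a connection was allowed, and the server only sees that a login failed; the SIEM joins them on the source IP, and the SOAR step acts on the join without a human in the loop. The 203.0.113.7 address trips the threshold (four failures, confirmed ALLOW), 192.0.2.44 logs in successfully, and 198.51.100.9 was denied by the firewall, so it never reaches the server log at all.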
What are the 3 types of SIEM tools (by how they are hosted)?
Self-Hosted
Cloud-hosted
Hybrid
1) What is Splunk Enterprise? 2) How is it hosted? 3) What does it do?
1) A SIEM tool
2) Self-hosted
3) Retains, analyzes, and searches an organization's log data.
1) What is Splunk Cloud? 2) How is it hosted? 3) What does it do?
1) A SIEM tool
2) Cloud-hosted
3) Retains, analyzes, and searches an organization's log data.
1) What is Chronicle? 2) How is it hosted? 3) What does it do?
1) A SIEM tool
2) Cloud-native
3) Retains, analyzes, and searches an organization's log data.
What is the Security posture dashboard (Splunk)?
Monitors and investigates potential threats in real time.
(Displays the last 24 hours.)
What is the Executive summary dashboard (Splunk)?
Analyzes and monitors the overall security health of the organization over time.