Unit 6 - Module 4 - IDS & SIEM Tools Flashcards
What is a record of events that occur within an organization’s systems?
A Log
What is the process of examining logs to identify events of interest?
Log Analysis
What are the 5 most common log types?
1) Network
2) System
3) Application
4) Security
5) Authentication
What is the process of collecting, storing, analyzing, and disposing of log data?
Log Management
What is a set of data that presents two linked items?
e.g. a key and its corresponding value: “Alert” : “Malware”
Key-Value Pair
What is a data type that stores data in a comma-separated list of key-value pairs?
e.g. “User”
{
“id”: “1234”,
“name”: “user”,
“role”: “engineer”
}
Object
What is a data type that stores data in a comma-separated ordered list?
Array
What log format uses key-value pairs to structure data and identify fields and their corresponding values?
e.g. CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
Common Event Format (CEF)
What 3 capabilities can syslog be used for?
Service
Protocol
Log Format
What is the collection and transmission of data for analysis?
Telemetry
What’s an application that monitors activity and alerts on possible intrusions?
Intrusion Detection System (IDS)
What is any device connected to a network called?
Endpoint
What is an application that monitors the activity of the host on which it’s installed?
Host-Based Intrusion Detection System (HIDS)
What application collects and monitors network traffic and network data?
Network-based intrusion detection system (NIDS)