SIEM

¡Supera tus tareas y exámenes ahora con Quizwiz!

SIEM stands for

Security Information and Event Management

It usually takes around --- for a SIEM to get used to network traffic and become effective

90 days

Some of the more popular vendors of SIEMs include ---, ---, ----

Splunk, AT&T, and RSA

True or false: This activity can be presented on an individual log-by-log inspection, or, as most SIEMs offer, through graphical reports, timelines, and charts to show pattern analysts

True

Log analysis happens in real time across all user accounts in a network, and is fed to SIEM by other software like ---, ---, ----, --- etc

antivirus, IDS, WAPs, routers

Reasons to have a SIEM

be notified timely of suspicious activity, have an event log to analyze where attacks began, adhere to compliance standards

SIEM purpose

identify, store, and manage security incidents

An example of some activity which may be recognized:

malicious software being downloaded, user logins and logouts, file data being written or exported, account deletions or creations, etc

You can search for events in a variety of ways, such as -------------------

source IP, Destination IP, date of activity, event type, user names, etc.

The main goals of a SIEM are:

to create reports on incidents and events and send alerts for potential security risks

true or false: You can also save logs from other devices of past events to upload into a SIEM to analyze

true

Ver todos los conjuntos de estudio

SIEM

Conjuntos de estudio relacionados

Programming with C++ Exam 1 Review

Cell Specialization

DSM 6

Strategic Management Chapter 1

US 2 Chapter 31

Chapter 33 Mobility PrepU

Kines 341 Exam 2

Adverbs XD

A&P Ch 18.1-18.2 HW

Stat. Ch 4

Life Study 1

Basic

Chapter 32: The Building of Global Empires

History Final Extended Response

Teach Yourself Complete Arabic vocabulary

Intro. to Marketing Unit 3 Exam

Bus Law Ch 4 (kv)

Financial Management Exam 2

NUR 3000 Exam 1

Ch 1- Sociology of Sport: What is it and why study it?