SIEM
SIEM stands for
Security Information and Event Management
It usually takes around --- for a SIEM to learn a network's normal traffic and become effective
90 days
Some of the more popular vendors of SIEMs include ---, ---, ----
Splunk, AT&T, and RSA
True or false: This activity can be presented through individual log-by-log inspection or, as most SIEMs offer, through graphical reports, timelines, and charts that show patterns to analysts
True
Log analysis happens in real time across all user accounts in a network, and logs are fed to the SIEM by other software and devices such as ---, ---, ---, --- etc.
antivirus, IDS, WAPs, routers
Reasons to have a SIEM
be notified in a timely manner of suspicious activity, have an event log to analyze where attacks began, adhere to compliance standards
SIEM purpose
identify, store, and manage security incidents
Examples of activity which may be recognized:
malicious software being downloaded, user logins and logouts, file data being written or exported, account deletions or creations, etc
You can search for events in a variety of ways, such as -------------------
source IP, Destination IP, date of activity, event type, user names, etc.
The main goals of a SIEM are:
to create reports on incidents and events and send alerts for potential security risks
True or false: You can also save logs of past events from other devices and upload them into a SIEM for analysis
true