SIEM


SIEM stands for

Security Information and Event Management

It usually takes around --- for a SIEM to get used to network traffic and become effective

90 days

Some of the more popular vendors of SIEMs include ---, ---, ----

Splunk, AT&T, and RSA

True or false: This activity can be presented as an individual log-by-log inspection, or, as most SIEMs offer, through graphical reports, timelines, and charts that show patterns to analysts

True

Log analysis happens in real time across all user accounts in a network, and is fed to the SIEM by other software and devices like ---, ---, ----, ---, etc.

antivirus, IDS, WAPs, routers

Reasons to have a SIEM

be notified timely of suspicious activity, have an event log to analyze where attacks began, adhere to compliance standards

SIEM purpose

identify, store, and manage security incidents

An example of some activity which may be recognized:

malicious software being downloaded, user logins and logouts, file data being written or exported, account deletions or creations, etc.

You can search for events in a variety of ways, such as -------------------

source IP, Destination IP, date of activity, event type, user names, etc.

The main goals of a SIEM are:

to create reports on incidents and events and send alerts for potential security risks

True or false: You can also save logs of past events from other devices and upload them into a SIEM to analyze

true
