Security Information and Event Management (SIEM) Overview
Starting from the top, a Security Operations Center (SOC) is in charge of proactively keeping company assets safe, such as data stored on a company's network. One tool the SOC uses to do that job is a Security Information and Event Management (SIEM) platform. A SIEM collects data from 1) a wide variety of sources in 2) a wide variety of formats, normalizes it into a common schema and indexes it, so that it can offer both a near real-time view and broad analysis of historical data. A SIEM is more about collecting, indexing, tagging, correlating and contextual mining of machine data than it is about security per se; the security value comes from the correlation rules, enrichment and analysts built on top of it. That is why Splunk, at heart a log collection and analytics platform rather than a security product, is a leader in the Gartner Magic Quadrant (MQ) for SIEM.
Typical sources of data fed to a SIEM:
- Endpoint (EP)
- Firewall (FW)
- Intrusion Detection System (IDS)
Types of data sent to, or made accessible to, the SIEM:
- events
- messages
- logs
Types of action taken by the SIEM on that data:
- alert (a correlation rule fires on one or more events)
- analysis (searching and pivoting across the indexed data)
- reporting (summaries and trends over a time range)
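To make the collect, index, correlate and act flow concrete, here is a toy SIEM pipeline as an added example; it is not code from the original post nor from any SIEM product. It takes the three source types listed above, each in a different format (firewall syslog with key=value pairs, IDS alerts as CSV, endpoint telemetry as JSON), normalizes them into one schema, builds a field/tag index for analysis, and runs a single correlation rule: an IDS alert from source S to host D, a firewall ALLOW for the same S to D within 60 seconds, and a process start reported by the endpoint agent on D shortly afterwards. All log lines, hostnames, IP addresses and the signature name are constructed for the example.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in three formats (not captured from any real system).
FIREWALL_SYSLOG = [
    "2024-03-01T10:00:01Z fw01 action=ALLOW src=203.0.113.5 dst=10.0.0.7 dport=445 proto=tcp",
    "2024-03-01T10:00:05Z fw01 action=DENY src=203.0.113.9 dst=10.0.0.7 dport=22 proto=tcp",
]
IDS_CSV = [
    "2024-03-01T10:00:02Z,ids01,203.0.113.5,10.0.0.7,SMB share enumeration,medium",
]
ENDPOINT_JSON = [
    '{"ts":"2024-03-01T10:00:09Z","host":"ws-007","ip":"10.0.0.7","process":"cmd.exe","parent":"services.exe"}',
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


# Each parser maps its native format onto one common event schema:
# ts, source, sensor, src_ip, dst_ip, host_ip, tags, raw.
def parse_firewall(line):
    ts, sensor, rest = line.split(" ", 2)
    kv = dict(KV_RE.findall(rest))
    return {"ts": parse_ts(ts), "source": "firewall", "sensor": sensor,
            "src_ip": kv["src"], "dst_ip": kv["dst"], "host_ip": None,
            "tags": {"fw:" + kv["action"].lower(), "dport:" + kv["dport"]}, "raw": line}


def parse_ids(line):
    ts, sensor, src, dst, sig, sev = line.split(",")
    return {"ts": parse_ts(ts), "source": "ids", "sensor": sensor,
            "src_ip": src, "dst_ip": dst, "host_ip": None,
            "tags": {"ids:alert", "severity:" + sev, "sig:" + sig}, "raw": line}


def parse_endpoint(line):
    rec = json.loads(line)
    return {"ts": parse_ts(rec["ts"]), "source": "endpoint", "sensor": rec["host"],
            "src_ip": None, "dst_ip": None, "host_ip": rec["ip"],
            "tags": {"ep:process_start", "proc:" + rec["process"]}, "raw": line}


def ingest():
    """Collect + normalize + index: returns the time-ordered events and an inverted index."""
    events = ([parse_firewall(l) for l in FIREWALL_SYSLOG]
              + [parse_ids(l) for l in IDS_CSV]
              + [parse_endpoint(l) for l in ENDPOINT_JSON])
    events.sort(key=lambda e: e["ts"])
    index = defaultdict(list)  # (field, value) -> events; this is what "analysis" searches
    for e in events:
        for field in ("source", "src_ip", "dst_ip", "host_ip"):
            if e[field]:
                index[(field, e[field])].append(e)
        for tag in e["tags"]:
            index[("tag", tag)].append(e)
    return events, index


def correlate(index, window=timedelta(seconds=60)):
    """Alert: IDS alert S->D, plus FW ALLOW S->D within the window, plus a process start on D after the alert."""
    alerts = []
    for ids in index[("source", "ids")]:
        lo, hi = ids["ts"] - window, ids["ts"] + window
        allowed = [e for e in index[("tag", "fw:allow")]
                   if e["src_ip"] == ids["src_ip"] and e["dst_ip"] == ids["dst_ip"]
                   and lo <= e["ts"] <= hi]
        procs = [e for e in index[("host_ip", ids["dst_ip"])]
                 if e["source"] == "endpoint" and ids["ts"] <= e["ts"] <= hi]
        if allowed and procs:  # the rule needs evidence from all three sources
            alerts.append({"severity": "high", "src_ip": ids["src_ip"], "dst_ip": ids["dst_ip"],
                           "evidence": [ids["raw"]] + [e["raw"] for e in allowed + procs]})
    return alerts


def report(events):
    """Reporting: event volume per source type for the ingested range."""
    counts = defaultdict(int)
    for e in events:
        counts[e["source"]] += 1
    return dict(counts)


if __name__ == "__main__":
    evs, idx = ingest()
    for a in correlate(idx):
        print("ALERT", a["severity"], a["src_ip"], "->", a["dst_ip"])
        for line in a["evidence"]:
            print("   ", line)
    print("REPORT", report(evs))
```

The DENY from 203.0.113.9 never reaches the rule because the index only holds it under the `fw:deny` tag, and the correlation walks `fw:allow`; a real SIEM does the same work with a query language and a proper time-series index, but the three steps (normalize to a schema, index by field and tag, join across sources inside a time window) are the same.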