🟦
LSWSec-Defensive
  • LSWSec - Defensive Security Notes
  • General
    • Tool List
  • Threat Intelligence
    • Introduction
    • Threat Actors and APTs
    • Operational Threat Intelligence
    • Tactical Threat Intelligence
    • Strategic Threat Intelligence
    • Malware and Global Campaigns
  • Phishing
    • Introduction
    • Investigating a Phishing Email
    • Analysing
    • Defensive Action
    • Reactive Measures
    • Report Writing
  • Digital Forensics
    • Introduction
    • Digital Evidence and Handling
    • Memory, Pagefile and Hibernation file
    • Digital Evidence Collection
    • Windows Investigation
    • Linux Investigations
    • Volatility
    • Autopsy
    • Windows Commands
      • Network Discovery
      • DHCP
      • DNS
  • SIEM
    • Introduction
    • Logging
    • Correlation
  • Incident Response
    • Introduction
    • Preperation
    • Detection & Analysis
    • Containment, Eradication and Recovery
    • reporting
    • MITRE Att&ck
  • Event Viewer
    • event Summary
    • Event ID: 4648
    • Event ID: 4776
    • Event ID: 4673
    • Event ID: 4625
Powered by GitBook
On this page
  • Security Information Management (SIM)
  • Security Event management (SEM)
  • Security information and event management
  • SIEM Platforms
  1. SIEM

Introduction

Security Information Management (SIM)

  • Specialized security software which helps collect monitor and analyse security events

  • Collect data from legs and translates it into a easily usable format

  • Monitor events in real time

  • Send and generate alerts and reports

  • Automate incident response

  • Correlation of data from multiple sources

  • Translation of event logs

  • Easy to deploy

  • Store and analyze large volumes of data

  • Fast and efficient analysis

  • Correlate logs and events to provide the most accurate overview of the system

  • Allows for easy threat management

  • Can be expensive

  • Not certain they can properly adapt to working environment

  • Not all providers provide full technical support

Security Event management (SEM)

  • Specialized in identification collection monitoring evaluation notifications and correlation in real time of events and alerts

  • Used to identify suspicious behaviour

  • Real time monitoring

  • Obtain security events in devices and applications within the system.

  • Correlation of events provide clear picture of the system

  • Analyze logs

  • Real time incident response

  • Centralization of information

  • Reduction of false positives

  • Improvement in response time

  • Hard to deploy

  • High cost can prevent failures

Security information and event management

  • Aggregates and analyzes information

  • Combination of SIM and SEM

  • Configure devices to send logs to SIEM

  • Advanced threat detection

  • Forensic and incident response

  • Compliance reporting and auditing

SIEM Platforms

  • Graylog open source and enterprise versions

  • ARCSight

  • QRADAR

  • Logrhythm

  • Splunk

PreviousDNSNextLogging

Last updated 1 year ago