SIEM (Introduction (SIM- Security Information Management (Type of software…
SIEM
Introduction
Gather Data from many devices, correlate events and provide information and knowledge in form of reports and alerts
SIEM in organizations
Asset analysis
Humans can easily read this, but what about automatic correlation rules?
Risk assessment
The asset definition, together with the risk assessment and the organization's specific requirements, determines the reliability of attacks and the asset values
SIEM specific goals
A balance is required, which in turn requires an in-depth analysis
Components of a SIEM
Collection
Pros - Cons
Agent-based collectors are harder to maintain, but they make the SIEM's task easier, as they usually apply normalization
Alert management
The correlation engine outputs new events, which may trigger alarms
In OSSIM, an alarm is an event whose risk is higher than zero
After analyzing the alarm, a ticket must be opened. Contents:
Report
Different points of view
Security event statistics by source, destination and type