Logs and SIEM tools
As a security analyst, one of your responsibilities might include analyzing log data to mitigate and manage threats, risks, and vulnerabilities. As a reminder, a log is a record of events that occur within an organization's systems and networks. Security analysts access a variety of logs from different sources. Three common log sources include firewall logs, network logs, and server logs. Let's explore each of these log sources in more detail.
A firewall log is a record of attempted or established connections for incoming traffic from the internet. It also includes outbound requests to the internet from within the network.

A network log is a record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network.

Finally, a server log is a record of events related to services such as websites, emails, or file shares. It includes actions such as login, password, and username requests.
By monitoring logs, like the one shown here, security teams can identify vulnerabilities and potential data breaches. Understanding logs is important because SIEM tools rely on logs to monitor systems and detect security threats.

A security information and event management, or SIEM, tool is an application that collects and analyzes log data to monitor critical activities in an organization. It provides real-time visibility, event monitoring and analysis, and automated alerts. It also stores all log data in a centralized location. Because SIEM tools index and minimize the number of logs a security professional must manually review and analyze, they increase efficiency and save time.

But SIEM tools must be configured and customized to meet each organization's unique security needs. As new threats and vulnerabilities emerge, organizations must continually customize their SIEM tools to ensure that threats are detected and quickly addressed.
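To make the collect, centralize, index, and alert steps concrete, here is a small added example (not part of the lesson or any real SIEM product). It ingests constructed sample lines from the three log sources named above, normalizes them into one event format, indexes them by source address, and applies one customizable alert rule; the log formats, thresholds, and field names are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines, one list per log source named in the lesson.
FIREWALL_LOG = [
    "2024-05-01T10:00:01 DENY src=203.0.113.5 dst=10.0.0.12 dport=22",
    "2024-05-01T10:00:02 ALLOW src=203.0.113.5 dst=10.0.0.12 dport=443",
    "2024-05-01T10:00:04 ALLOW src=10.0.0.33 dst=198.51.100.7 dport=443",
]
NETWORK_LOG = [
    "2024-05-01T10:00:03 JOIN host=laptop-07 ip=10.0.0.33",
    "2024-05-01T10:00:09 LEAVE host=laptop-07 ip=10.0.0.33",
]
SERVER_LOG = [
    "2024-05-01T10:00:05 sshd LOGIN_FAILED user=admin src=203.0.113.5",
    "2024-05-01T10:00:06 sshd LOGIN_FAILED user=root src=203.0.113.5",
    "2024-05-01T10:00:07 sshd LOGIN_FAILED user=admin src=203.0.113.5",
    "2024-05-01T10:00:08 sshd LOGIN_OK user=alice src=10.0.0.33",
]

# Assumed line shape: timestamp, optional lowercase process name, ACTION, key=value fields.
LINE = re.compile(r"^(?P<ts>\S+) (?:[a-z]+ )?(?P<action>[A-Z_]+) (?P<fields>.*)$")

def parse(source, lines):
    """Collect step: normalize one source's raw lines into uniform event dicts."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:  # skip lines that do not fit the expected shape instead of crashing
            continue
        fields = dict(kv.split("=", 1) for kv in m["fields"].split())
        events.append({"source": source, "ts": m["ts"], "action": m["action"], **fields})
    return events

def index_by_src(events):
    """Index step: group all events by source address across every log source."""
    idx = defaultdict(list)
    for e in events:
        if "src" in e:
            idx[e["src"]].append(e)
    return idx

def detect(idx, max_failures=3):
    """Alert rule: repeated failed logins from one address, enriched with its firewall denies."""
    alerts = []
    for src, evs in idx.items():
        failures = [e for e in evs if e["action"] == "LOGIN_FAILED"]
        if len(failures) >= max_failures:
            denies = sum(1 for e in evs if e["action"] == "DENY")
            alerts.append({"src": src, "failed_logins": len(failures),
                           "firewall_denies": denies, "users": sorted({e["user"] for e in failures})})
    return alerts

def run():
    """Full pipeline over the three constructed sources; returns the alert list."""
    events = parse("firewall", FIREWALL_LOG) + parse("network", NETWORK_LOG) + parse("server", SERVER_LOG)
    return detect(index_by_src(events))
```

Running `run()` yields a single alert for 203.0.113.5, which an analyst reviews instead of reading all nine raw lines; changing `max_failures` is the kind of customization the lesson describes.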
Later in the certificate program, you'll have a chance to practice using different SIEM tools to identify potential security incidents. Coming up, we'll explore SIEM dashboards and how cybersecurity professionals use them to monitor for threats, risks, and vulnerabilities.