Logs and SIEM tools

As a security analyst, one of your responsibilities might include analyzing log data to mitigate and manage threats, risks, and vulnerabilities. As a reminder, a log is a record of events that occur within an organization's systems and networks. Security analysts access a variety of logs from different sources. Three common log sources include firewall logs, network logs, and server logs. Let's explore each of these log sources in more detail.

A firewall log is a record of attempted or established connections for incoming traffic from the internet. It also includes outbound requests to the internet from within the network.

A network log is a record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network.

Finally, a server log is a record of events related to services such as websites, emails, or file shares. It includes actions such as login, password, and username requests.

By monitoring logs, like the one shown here, security teams can identify vulnerabilities and potential data breaches. Understanding logs is important because SIEM tools rely on logs to monitor systems and detect security threats.

A security information and event management, or SIEM, tool is an application that collects and analyzes log data to monitor critical activities in an organization. It provides real-time visibility, event monitoring and analysis, and automated alerts. It also stores all log data in a centralized location.

Because SIEM tools index and minimize the number of logs a security professional must manually review and analyze, they increase efficiency and save time.
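As an added example (not part of the course material), here is a small Python sketch of what a SIEM does with the log sources described above: it parses constructed firewall and server log lines into one centralized store with a shared schema, then runs a single automated alert rule across both sources. The log formats, IP addresses, and the "five failures within five minutes" rule are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: attempted (DENY) and established (ALLOW) inbound connections.
FIREWALL_LOG = """\
2024-05-01T10:00:01 action=DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:00:03 action=DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:00:09 action=ALLOW src=198.51.100.2 dst=10.0.0.8 dport=443
"""
# Constructed server log: login requests handled by an SSH service.
SERVER_LOG = """\
2024-05-01T10:01:10 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:01:12 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:01:15 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:02:00 sshd: Accepted password for alice from 192.0.2.10
"""
FW_RE = re.compile(r"^(\S+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")
SRV_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def normalize(firewall_text, server_text):
    """Parse both sources into one time-ordered event list (the SIEM's central store)."""
    events = []
    for line in firewall_text.splitlines():
        if m := FW_RE.match(line):
            ts, action, src, dst, port = m.groups()
            events.append({"time": datetime.fromisoformat(ts), "source": "firewall",
                           "failed": action == "DENY", "src_ip": src})
    for line in server_text.splitlines():
        if m := SRV_RE.match(line):
            ts, result, user, src = m.groups()
            events.append({"time": datetime.fromisoformat(ts), "source": "server",
                           "failed": result == "Failed", "src_ip": src})
    return sorted(events, key=lambda e: e["time"])

def alert_repeated_failures(events, threshold=5, window=timedelta(minutes=5)):
    """Alert rule: one source IP causing >= threshold failures inside the window, counted across all sources."""
    by_ip = defaultdict(list)
    for e in events:
        if e["failed"]:
            by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):  # slide the window over this IP's failures
            hits = [e for e in evs[i:] if e["time"] - first["time"] <= window]
            if len(hits) >= threshold:
                alerts.append((ip, len(hits), sorted({e["source"] for e in hits})))
                break
    return alerts
```

Neither source alone reaches the threshold here; only the centralized view across firewall and server logs produces the alert, which is the point of collecting logs in one place.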

But SIEM tools must be configured and customized to meet each organization's unique security needs. As new threats and vulnerabilities emerge, organizations must continually customize their SIEM tools to ensure that threats are detected and quickly addressed.

Later in the certificate program, you'll have a chance to practice using different SIEM tools to identify potential security incidents.

Coming up, we'll explore SIEM dashboards and how cybersecurity professionals use them to monitor for threats, risks, and vulnerabilities.