Logs and SIEM tools

As a security analyst, one of your responsibilities might include analyzing log data to mitigate and manage threats, risks, and vulnerabilities. As a reminder, a log is a record of events that occur within an organization's systems and networks. Security analysts access a variety of logs from different sources. Three common log sources include firewall logs, network logs, and server logs. Let's explore each of these log sources in more detail.

A firewall log is a record of attempted or established connections for incoming traffic from the internet. It also includes outbound requests to the internet from within the network.

A network log is a record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network.

Finally, a server log is a record of events related to services such as websites, emails, or file shares. It includes actions such as login, password, and username requests.

By monitoring logs, like the one shown here, security teams can identify vulnerabilities and potential data breaches. Understanding logs is important because SIEM tools rely on logs to monitor systems and detect security threats.

A security information and event management, or SIEM, tool is an application that collects and analyzes log data to monitor critical activities in an organization. It provides real-time visibility, event monitoring and analysis, and automated alerts. It also stores all log data in a centralized location.

Because SIEM tools index and minimize the number of logs a security professional must manually review and analyze, they increase efficiency and save time. But, SIEM tools must be configured and customized to meet each organization's unique security needs. As new threats and vulnerabilities emerge, organizations must continually customize their SIEM tools to ensure that threats are detected and quickly addressed.
Later in the certificate program, you'll have a chance to practice using different SIEM tools to identify potential security incidents.

Coming up, we'll explore SIEM dashboards and how cybersecurity professionals use them to monitor for threats, risks, and vulnerabilities.
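The collect, analyze, and alert flow described above can be sketched in a few lines. This is an added example, not part of the original video or any SIEM product: the three log formats, the sample lines, and the alert threshold and window are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; formats, threshold and window are assumptions of this example.
RAW_LOGS = [
    ("firewall", "2024-05-01T10:00:01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22"),
    ("server",   "2024-05-01T10:00:05 login failed user=admin ip=203.0.113.7"),
    ("server",   "2024-05-01T10:00:09 login failed user=admin ip=203.0.113.7"),
    ("network",  "2024-05-01T10:00:12 device=laptop-17 ip=10.0.0.23 joined"),
    ("server",   "2024-05-01T10:00:14 login failed user=root ip=203.0.113.7"),
    ("server",   "2024-05-01T10:03:00 login success user=alice ip=10.0.0.23"),
]

PATTERNS = {
    "firewall": re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=\S+ dport=\d+"),
    "server": re.compile(r"(?P<ts>\S+) login (?P<action>failed|success) user=(?P<user>\S+) ip=(?P<src>\S+)"),
    "network": re.compile(r"(?P<ts>\S+) device=\S+ ip=(?P<src>\S+) (?P<action>joined|left)"),
}

def normalize(source, line):
    """Map one raw line to a common event schema, or None if it does not parse."""
    m = PATTERNS[source].fullmatch(line)
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    event["source"] = source
    return event

def collect(raw_logs):
    """Central store: every parsed event from every source, ordered by time."""
    events = [e for e in (normalize(s, l) for s, l in raw_logs) if e]
    return sorted(events, key=lambda e: e["ts"])

def failed_login_alerts(events, threshold=3, window=timedelta(seconds=60)):
    """Alert when one source IP has `threshold` failed logins within `window`."""
    recent, alerts = defaultdict(list), []
    for e in events:
        if e["source"] != "server" or e["action"] != "failed":
            continue
        times = [t for t in recent[e["src"]] if e["ts"] - t <= window] + [e["ts"]]
        recent[e["src"]] = times
        if len(times) == threshold:  # fire once, when the threshold is first reached
            alerts.append({"src": e["src"], "count": len(times), "at": e["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in failed_login_alerts(collect(RAW_LOGS)):
        print("ALERT repeated failed logins:", alert)
```

The threshold and window are the kind of settings the transcript says each organization must tune to its own environment.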