From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts
Utilizing SIEM, SOAR, and log management
- [Instructor] On any network, there are many devices, applications, and systems that generate logs. If we go to NIST, we can read some of the guidelines on log management in Special Publication 800-92. To make sense of all this data on a large network, it's best to combine data from multiple technologies. One way to do this is by using a Security Information and Event Management system, or SIEM system. A SIEM system combines logs and events from different systems, then normalizes and maps the data so that it can be integrated into a central system. A SIEM system can provide continuous monitoring; trend awareness and auditing; correlation of events, which gives a historic or real-time data perspective and conducts data analysis based on a set of rules; a digital dashboard, which allows a graphical visual of reports and alerts; and it reduces the volume of event data by consolidating duplicate event records. Once aggregated, the…
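As an added example (not part of the course or its exercise files), a small Python sketch of three of the SIEM functions the instructor lists: normalizing records from two different source formats onto one common schema, consolidating duplicate event records, and correlating events across sources with a rule. The log formats, hosts and addresses are constructed for illustration.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed sample records, as a SIEM collector might receive them: syslog-style firewall
# lines, JSON application logs, and one exact duplicate firewall line (forwarded twice).
RAW_EVENTS = [
    ("fw", "2024-05-01T10:00:00Z fw01 DENY src=203.0.113.5 dst=10.0.0.8 dport=22"),
    ("app", '{"ts": "2024-05-01T10:00:03Z", "host": "web01", "event": "login_failed", "src": "203.0.113.5", "user": "alice"}'),
    ("fw", "2024-05-01T10:00:00Z fw01 DENY src=203.0.113.5 dst=10.0.0.8 dport=22"),
    ("app", '{"ts": "2024-05-01T10:00:07Z", "host": "web01", "event": "login_failed", "src": "203.0.113.5", "user": "bob"}'),
    ("app", '{"ts": "2024-05-01T10:01:00Z", "host": "web01", "event": "login_ok", "src": "198.51.100.7", "user": "carol"}'),
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def normalize(source, raw):
    """Map one raw record onto the common schema: ts, host, src, event, detail."""
    if source == "fw":
        m = FW_RE.match(raw)
        if m is None:
            return None  # unparseable line is skipped, not silently mis-mapped
        return {"ts": m["ts"], "host": m["host"], "src": m["src"],
                "event": "fw_" + m["action"].lower(), "detail": f"{m['dst']}:{m['dport']}"}
    if source == "app":
        d = json.loads(raw)
        return {"ts": d["ts"], "host": d["host"], "src": d["src"],
                "event": d["event"], "detail": d.get("user", "")}
    return None

def aggregate(raw_events):
    """Normalize every record and drop exact duplicates, keeping first-seen order."""
    seen, events = set(), []
    for source, raw in raw_events:
        ev = normalize(source, raw)
        if ev is not None and (key := tuple(sorted(ev.items()))) not in seen:
            seen.add(key)
            events.append(ev)
    return events

def correlate(events, failed_threshold=2):
    """Rule: report sources denied by the firewall that also failed login >= threshold times."""
    per_src = defaultdict(Counter)
    for e in events:
        per_src[e["src"]][e["event"]] += 1
    return sorted(src for src, c in per_src.items()
                  if c["fw_deny"] >= 1 and c["login_failed"] >= failed_threshold)
```

Running `correlate(aggregate(RAW_EVENTS))` reports only 203.0.113.5, because the duplicate firewall line is consolidated first and the rule needs both a firewall deny and repeated login failures from the same source.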
Contents
- Identifying challenges of data visibility (2m 25s)
- Comparing security deployments (2m 37s)
- Using agentless or agent-based methods (2m 54s)
- Utilizing SIEM, SOAR, and log management (3m 12s)
- Employing runbook automation (3m 53s)
- Exploring Nmap (4m 12s)
- Challenge: Using Nmap (2m 57s)
- Solution: Using Nmap (5m 29s)