From the course: Cisco Certified CyberOps Associate (200-201) Cert Prep: 1 Security Concepts

Utilizing SIEM, SOAR, and log management

- [Instructor] On any network, there are many devices, applications and systems that generate logs. If we go to NIST, we can read some of the guidelines on log management in Special Publication 800-92. To make sense of all this data on a large network, it's best to combine data from multiple technologies. One way to do this is by using a Security Information and Event Management (SIEM) system. A SIEM system combines logs and events from different systems, then normalizes and maps the data so that it can be integrated into a central system. A SIEM system can provide continuous monitoring; trend awareness and auditing; correlation of events, which gives a historic or real-time data perspective and data analysis based on a set of rules; a digital dashboard, which allows a graphical view of reports and alerts; and a reduced volume of event data, by consolidating duplicate event records. Once aggregated, the…
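The three SIEM functions the instructor lists in sequence (normalizing logs from different sources onto one schema, consolidating duplicate event records, and correlating events against a rule) can be shown end to end in a small script. The following is an added example written for this page; it is not code from the course, from Cisco, or from any SIEM product. The three log formats, the common schema field names, the assumed year for syslog timestamps, and the "failed logins followed by a success" correlation rule are all assumptions made for the illustration, and the log lines are constructed sample input.

```python
"""Toy SIEM pipeline: normalize heterogeneous logs, consolidate duplicates,
correlate against a rule. Added illustration, not course or vendor code.
Log formats, schema fields and the rule are assumptions for this example."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

ASSUMED_YEAR = 2024  # syslog lines carry no year; assumption for this example

# Constructed sample input: three sources, each in its own native format.
RAW_LOGS = [
    # Linux auth log (syslog style); the first two lines are an exact duplicate,
    # as happens when a forwarder re-sends a record
    "Mar 12 10:01:02 web01 sshd[2201]: Failed password for admin from 203.0.113.9 port 51022 ssh2",
    "Mar 12 10:01:02 web01 sshd[2201]: Failed password for admin from 203.0.113.9 port 51022 ssh2",
    "Mar 12 10:01:05 web01 sshd[2203]: Failed password for admin from 203.0.113.9 port 51024 ssh2",
    "Mar 12 10:01:09 web01 sshd[2205]: Failed password for admin from 203.0.113.9 port 51030 ssh2",
    "Mar 12 10:01:15 web01 sshd[2207]: Accepted password for admin from 203.0.113.9 port 51033 ssh2",
    # Firewall, key=value style (assumed format)
    "ts=2024-03-12T10:00:58Z src=203.0.113.9 dst=10.0.0.5 dport=22 action=allow",
    # Windows-style logon event, CSV-ish (assumed format; 4624 = successful logon)
    "2024-03-12 10:02:00,DC01,4624,user=jsmith,src=10.0.0.21,outcome=success",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
WIN_EVENT_ACTIONS = {"4624": "auth_success", "4625": "auth_fail"}


def _kv(fields):
    """Turn ['k=v', ...] into a dict, ignoring fields without '='."""
    return dict(f.split("=", 1) for f in fields if "=" in f)


def normalize(line):
    """Map one raw line onto the common schema; None if no parser matches."""
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
        action = "auth_fail" if m["result"] == "Failed" else "auth_success"
        return {"ts": ts, "host": m["host"], "src_ip": m["src"], "user": m["user"],
                "action": action, "source": "linux_auth"}
    if line.startswith("ts="):
        kv = _kv(line.split())
        return {"ts": datetime.strptime(kv["ts"], "%Y-%m-%dT%H:%M:%SZ"), "host": kv.get("dst"),
                "src_ip": kv.get("src"), "user": None,
                "action": "net_" + kv.get("action", "unknown"), "source": "firewall"}
    parts = line.split(",")
    if len(parts) >= 4 and parts[2].isdigit():
        kv = _kv(parts[3:])
        return {"ts": datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S"), "host": parts[1],
                "src_ip": kv.get("src"), "user": kv.get("user"),
                "action": WIN_EVENT_ACTIONS.get(parts[2], "win_" + parts[2]), "source": "windows"}
    return None


def consolidate(events):
    """Collapse identical normalized events into one record carrying a count."""
    counts, first = Counter(), {}
    for e in events:
        key = (e["ts"], e["host"], e["src_ip"], e["user"], e["action"])
        counts[key] += 1
        first.setdefault(key, e)
    return sorted(({**e, "count": counts[k]} for k, e in first.items()), key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Rule (assumed): >= threshold distinct auth_fail events from one source IP
    inside `window`, followed by auth_success from the same IP -> one alert."""
    by_src = defaultdict(list)
    for e in events:
        if e["action"] in ("auth_fail", "auth_success") and e["src_ip"]:
            by_src[e["src_ip"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        failures = []
        for e in sorted(evs, key=lambda e: e["ts"]):
            failures = [f for f in failures if e["ts"] - f["ts"] <= window]
            if e["action"] == "auth_fail":
                failures.append(e)
            elif len(failures) >= threshold:  # success after a burst of failures
                alerts.append({"rule": "bruteforce_then_success", "src_ip": src, "user": e["user"],
                               "host": e["host"], "failures": len(failures), "ts": e["ts"]})
                failures = []
    return alerts


def run_pipeline(raw_lines):
    """Aggregate -> normalize -> consolidate -> correlate; returns (events, alerts)."""
    normalized = [e for e in map(normalize, raw_lines) if e is not None]
    events = consolidate(normalized)
    return events, correlate(events)


if __name__ == "__main__":
    events, alerts = run_pipeline(RAW_LOGS)
    for e in events:
        print(f'{e["ts"]} {e["source"]:<10} {e["action"]:<12} src={e["src_ip"]} x{e["count"]}')
    for a in alerts:
        print("ALERT:", a)
```

Two design points worth noticing. The correlation rule counts distinct events after consolidation, so a forwarder that re-sends the same record twice does not inflate the failure count; that is the practical reason the dedup step sits before correlation. And every parser writes the same field names, so the rule never has to know whether a login came from a Linux auth log or a Windows logon event, which is what "normalizes and maps the data" buys you.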