
Thursday, 21 December 2017

SIEM

Security Information & Event Management



Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology.
It is the practice of collecting, monitoring, analyzing and correlating security logs from security devices for event management.

Logs can be collected from sources like antivirus, IPS/IDS, firewalls, Active Directory (AD), routers, switches, mail and web gateways, proxies, etc.

A SIEM deployment generally uses a software agent running on the security devices that are to be monitored. The agent sends security logs to a centralized server, the log collector, from where the logs are monitored by the SOC team for log correlation and incident management.

The SIEM presents a console which can include reports, charts and also real-time information.

Working of SIEM

Devices and computer applications generate events, which can be application events, security events or even hardware events. These are kept in event logs: lists that record everything that happened, one entry per line. The SIEM agent uses protocols like Syslog or SNMP to transport these events to the SIEM log collector.

Features of SIEM

Data Aggregation:
SIEM aggregates security events, in the form of logs, from various security and non-security devices for data monitoring and event management purposes.

Correlation:
SIEM looks for common links between events to make a meaningful event. Logs from different sources are correlated to form a single event.

Alerting:
Alerting is the main feature of SIEM. Once the collected logs are correlated to create a security event, alerting is the next step: the operations team has to be alerted to the incoming threat.

Dashboards:
SIEM also provides informational charts and diagrams in a dashboard, which makes things easy to understand.
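The pipeline described above (Syslog transport into a collector, aggregation, correlation across sources, alerting) is easier to see in code. The following is an added example written for this post; it is not code from any SIEM product. It parses a handful of constructed RFC 3164-style syslog lines from a made-up firewall (fw01) and a made-up SSH bastion (bastion01), normalizes them into events, correlates them by source IP inside a time window, and emits an alert when several failed logins from one IP are followed by a successful login. Hostnames, IP addresses, message formats, the rule name and the thresholds are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (RFC 3164 style) as a SIEM log collector
# would receive them over UDP/TCP syslog. Hosts, IPs and messages are made up.
RAW_SYSLOG = """\
<134>Dec 21 10:15:01 fw01 kernel: DENY TCP 203.0.113.7:51234 -> 10.0.0.5:445
<134>Dec 21 10:15:03 fw01 kernel: DENY TCP 203.0.113.7:51235 -> 10.0.0.5:3389
<86>Dec 21 10:15:10 bastion01 sshd: Failed password for admin from 203.0.113.7
<86>Dec 21 10:15:12 bastion01 sshd: Failed password for admin from 203.0.113.7
<86>Dec 21 10:15:14 bastion01 sshd: Failed password for admin from 203.0.113.7
<86>Dec 21 10:15:20 bastion01 sshd: Accepted password for admin from 203.0.113.7
<86>Dec 21 10:40:00 bastion01 sshd: Accepted password for alice from 10.0.0.23
"""

# <PRI>TIMESTAMP HOST APP: MSG  (PRI = facility * 8 + severity)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$"
)

# Per-source message formats the collector knows how to normalize (assumed).
EVENT_PATTERNS = [
    ("fw_deny", re.compile(r"DENY \w+ (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")),
    ("auth_failure", re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")),
    ("auth_success", re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>[\d.]+)")),
]


def parse_syslog(line, year=2017):
    """Split one RFC 3164 line into its header fields. RFC 3164 timestamps
    carry no year, so the collector has to supply one (assumed 2017 here)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"facility": pri // 8, "severity": pri % 8, "ts": ts,
            "host": m["host"], "app": m["app"], "msg": m["msg"]}


def normalize(event):
    """Attach an event kind and the fields (src, user, ...) correlation needs."""
    for kind, pat in EVENT_PATTERNS:
        m = pat.search(event["msg"])
        if m:
            return {**event, "kind": kind, **m.groupdict()}
    return {**event, "kind": "other"}


def aggregate(raw_text):
    """Data aggregation: parse every line from every device into one timeline."""
    events = [normalize(p) for p in map(parse_syslog, raw_text.splitlines()) if p]
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation: link events from different sources by source IP. Raise an
    alert when a successful login is preceded, within the window, by at least
    `threshold` failed logins for the same user from the same IP. Firewall
    denies from that IP in the window are attached as supporting context."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        if "src" in e:
            by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        for e in evs:
            if e["kind"] != "auth_success":
                continue
            recent = [x for x in evs if e["ts"] - window <= x["ts"] <= e["ts"]]
            failures = [x for x in recent if x["kind"] == "auth_failure" and x["user"] == e["user"]]
            denies = [x for x in recent if x["kind"] == "fw_deny"]
            if len(failures) >= threshold:
                alerts.append({
                    "rule": "brute_force_then_success",   # assumed rule name
                    "src": src, "user": e["user"], "host": e["host"], "ts": e["ts"],
                    "failures": len(failures), "fw_denies": len(denies),
                    "sources": sorted({x["host"] for x in failures + denies + [e]}),
                })
    return alerts


def format_alert(a):
    """Alerting: one line the SOC team can read or forward to a ticketing system."""
    return (f"[ALERT] {a['rule']} src={a['src']} user={a['user']} target={a['host']} "
            f"at={a['ts']:%Y-%m-%d %H:%M:%S} failures={a['failures']} "
            f"fw_denies={a['fw_denies']} sources={','.join(a['sources'])}")


if __name__ == "__main__":
    for alert in correlate(aggregate(RAW_SYSLOG)):
        print(format_alert(alert))
```

Run as-is, the script prints a single alert for 203.0.113.7: three failed logins for admin on bastion01 followed by a success, with the two firewall denies from fw01 listed as supporting evidence. Alice's login from 10.0.0.23 produces nothing because no failures precede it, which is the point of correlating across sources instead of alerting on every individual log line. Raising `threshold` to 4 suppresses the alert, showing how rule tuning trades false positives against missed events.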

Onion Secure (YouTube channel, Facebook group)
