Internal Intelligence and SIEM in Cyber Threat Intelligence - 8

Description and Tags

This set of flashcards covers key terms and concepts related to Internal Intelligence and Security Information and Event Management (SIEM) in the context of Cyber Threat Intelligence.

Last updated 10:00 AM on 4/20/26

30 Terms

1

Internal Intelligence

Data gathered from systems and devices within an organization's IT infrastructure that informs about internal activities. (INTERNAL)

  • low lead times

  • relevance to critical assets

  • increases trust

  • ex) network logs, database access events, IDS/IPS logs

2

log

The automatically produced and time-stamped documentation of events that occur in a computer system

  • a message or log entry is recorded for each such event

  • messages are written to a file

3

Security Information and Event Management (SIEM)

A system that collects, analyzes, and presents information from network and security devices to support security operations.

4

Log Management (LM)

An approach to managing large volumes of computer-generated log messages for analysis, retention, and reporting.

  • includes:

    • log collection and aggregation

    • long-term retention

    • log analysis

    • log search and reporting

5

Open Source Intelligence (OSINT)

External intelligence that can be gathered from publicly available sources like the internet and social media or from other CTI companies. (EXTERNAL)

  • provides comprehensive views of external threat landscape

  • ex) vulnerability/exploit feeds, social media, IRC, public statements, commercial data feeds

6

Human Intelligence (HUMINT)

Data collected through manual research; provides information about activities internal to an organization (BOTH)

  • ex) direct interaction with hackers or insiders.

7

Counter Intelligence

Providing false information to deceive attackers, in order to safely identify the tools and methods they use (BOTH)

  • ex) Honeypots, anti-human intelligence

8

Finished Intelligence (FINTEL)

Refined intelligence that is ready for dissemination after thorough analysis.

9

Event Log

A record that provides information about network traffic, usage, and security-related events.

10

log collection

Collection of security-related logs plus contextual data

  • collect all logs from heterogeneous sources (Windows systems, Linux, apps, etc.)

11

log preprocessing

parsing, normalization, categorization, enrichment

  • indexing, parsing or none

12

Events per Second (EPS)

The rate at which your IT infrastructure generates events

  • if not calculated correctly, the solution will start dropping events before they are stored in the database, leading to incorrect reports and searches

13

Log Retention

Retain parsed and normalized data, archived to a centralized repository; the solution has a "tamper proof" feature that "encrypts" and "timestamps" the data for compliance and forensics purposes

  • retain raw log data

14

reporting

security focused reporting

  • broad-use reporting

15

analysis

correlation, threat scoring, event prioritization

  • full-text analysis tagging

16

alerting and notification

advanced security focused reporting

  • simple alerting on all logs

17

Real-Time Event Correlation

Analyzing data from various sources to identify relationships and detect anomalies in network events.

18

User Activity Monitoring

Tracking and auditing user actions within a system, including privileged user actions, for security purposes.

19

File Integrity Monitoring (FINTEL)

Monitoring changes to critical files and folders to detect unauthorized access or modifications.

refined, analyzed intelligence

20

IT Compliance Reports

Reports generated by SIEM systems to ensure adherence to regulatory requirements like PCI DSS and HIPAA.

21

Major SIEM Vendors

Key companies that provide SIEM solutions, including Splunk, Microsoft, and IBM.

22

SIEM Challenges

Issues typically associated with SIEM solutions, such as managing log volume, log tunability, and the cost/compliance requirements of external data integration.

23

SIEM Inefficiencies

Analyzing logs for relevant security intelligence: extracting meaningful data, tracking suspicious activity, and conducting effective root cause analysis

24

Security Information Management (SIM)

long-term storage, analysis and reporting of log data

25

Security Event Management (SEM)

real-time monitoring, correlation of events, notifications and console

26

Security Information and Event Management (SIEM)

Combines SIM and SEM

27

log forensics

SIEM solutions should allow users to track down an intruder or the event activity using log search capability

28

IT Compliance Reports

Ensure that the solution has out-of-the-box regulatory compliance reporting for standards such as

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Gramm-Leach-Bliley Act

  • Health Insurance Portability and Accountability Act (HIPAA)

  • Federal Information Security Management Act

  • EU General Data Protection Regulation

The reports should also be customizable

29

dashboards

data must be presented in a very intuitive and user-friendly manner

30

SIEM Shortcomings

does not consider external data (feeds, OSINT)

logs and alerts can be expensive to manage

logs can be prone to sabotage

SIEMs are difficult to tune

siloed information and processes