8.4.4 - Security Information and Event Management


Flashcards covering key concepts and definitions related to Security Information and Event Management (SIEM) and associated technologies.


9 Terms

1. Log Aggregation

The process of normalizing data from different sources to make it consistent and searchable, often condensing repetitive events into a summary event.

2. SIEM

Security Information and Event Management; a system designed to integrate network and security monitoring through automated collection, aggregation, and analysis of log data.

3. Parsing

The act of interpreting data from different systems to account for differences in vendor implementations, typically using regular expressions to identify attributes.

4. Normalization

The process of adjusting data, such as date/time zone differences, to create a consistent timeline within the SIEM's reporting and analysis tools.

5. API

Application Programming Interface; allows different products to interact and enables functions such as initiating scans and returning results directly to a SIEM.

6. High-level status view

A visual representation in dashboards that displays key metrics related to network security.

7. Dashboard

A user interface that organizes and presents information in a way that is easy to read and interpret, often used in SIEM tools to monitor security alerts and metrics.

8. Alert level evolution

A graphical representation of the changes in security alerts over time, typically displayed in area graphs within a SIEM dashboard.

9. MITRE ATT&CK

A framework that categorizes and defines specific types of cyber attacks, often analyzed in SIEM systems.