Security + Domain 4.0 - Day 1 SOC & SIEM

Alerting

system that sends warnings when something unusual happens

monitoring

Watching systems and networks to spot problems or attacks

System Monitoring

Keeping an eye on devices to check their health, performance, and security

Baseline

starting measurement of how a system performs or how secure it is, used to spot changes later.

Application Monitoring

Watching software apps to make sure they don’t have errors.

Infrastructure Monitoring

Keeping an eye on parts that support IT systems

log aggregation

Collecting logs in one spot to find problems.

scanning

Checking systems or networks to find weaknesses or problems.

reporting

Sharing what was found during a scan

archiving

Saving old data in long-term storage

Alert Response

Acting fast when a system detects a problem.

Remediation

Fixing the problem.

Validation

Checking to make sure the fix worked.

SIEM

tool that collects and analyzes security data to spot problems fast.

agent

program that gathers data or performs tasks on a device.

agentless

Collecting data or managing devices without installing extra software on them.

splunk

tool that collects and analyzes computer data to help find problems

elastic stack (elk)

tools that collect, organize, and display data to help find and fix problems.

arcsight

security tool that gathers and analyzes data to spot cyber threats quickly.

qradar

security tool that collects and checks data from networks to detect and stop attacks fast.