Log aggregation
Parsing information from multiple log and security event data sources to present it in a consistent and searchable format.
Alerting
Determining/detecting events that should be investigated as potential incidents.
Scanning
The process of identifying open ports and services on a host to assess vulnerabilities and security posture.
Reporting
Managerial control that provides insight into the status of the security system, assisted by a SIEM that exports summary statistics and graphs.
Archiving
Reporting activity that provides insight into the security system status, facilitated by a SIEM exporting summary statistics and graphs.
Quarantine
The process of isolating an IoC source, such as a network address, host computer, or file.
Alert tuning
The process of adjusting detection and correlation rules to reduce the incidence of false positives and low-priority alerts.
Security Content Automation Protocol (SCAP)
A set of NIST protocols that consolidates vulnerability information into a single language understood by all devices.
Benchmarks
Predefined security configurations provided by organizations, guiding secure system setups.
Agent-based software
Software components installed on devices to collect and report security-related data back to a central management system.
Agentless software
Security solutions that do not require installation on devices and use existing protocols to gather data.
Security Information and Event Management (SIEM)
A comprehensive solution that aggregates and analyzes security data from diverse sources for incident detection and threat response.
Antivirus
Software responsible for identifying, quarantining, and removing malware from computer systems.
Data loss prevention (DLP)
Software used to monitor, flag, and remove data/traffic that contains sensitive information.
Simple Network Management Protocol (SNMP) traps
A protocol for network management that allows devices to send alerts about specific events to a management console.
NetFlow
A network protocol developed by Cisco for collecting and monitoring network traffic flow data.
Vulnerability scanners
Software that reports the total number of unmitigated vulnerabilities for each host and evaluates patch/configuration issues.