SIEM Basics - Vocabulary Flashcards

0.0(0)

Studied by 0 people

Knowt Play

Learn

Practice Test

Spaced Repetition

Match

Flashcards

Card Sorting

1/16

Earn XP

Description and Tags

Vocabulary flashcards covering key SIEM concepts from the lecture notes.

Study Analytics

Name	Mastery	Learn	Test	Matching	Spaced

No study sessions yet.

17 Terms

New cards

SIEM

Security Information and Event Management system that aggregates logs from networks and devices to provide real-time or near real-time analysis and detection of anomalies.

New cards

Log collection

Process of gathering event records from sources across the network, typically via Syslog, to a centralized data store for analysis.

New cards

Syslog

A protocol for sending log messages from devices to a SIEM; commonly uses UDP port 514 and can use TCP depending on configuration.

New cards

Normalization

Mapping log messages from different systems into a common data model to enable cross-system analysis.

New cards

Correlation

Linking logs and events from multiple systems into a single data feed to improve threat detection and response speed.

New cards

Aggregation

Reducing the volume of event data by consolidating duplicate events into a single record.

New cards

Reporting

Presenting correlated and aggregated data in real-time dashboards for analysts and in long-term summaries for management.

New cards

Five essential SIEM functions

Log collection, normalization, correlation, aggregation, and reporting.

New cards

Baseline

The normal operating state; logs and alerts are reviewed to detect anomalies outside the baseline.

New cards

Use cases

Defined scenarios that describe what constitutes a threat and what actions to take in response.

New cards

Incident response

Preplanned responses for given events or threats to take action quickly.

New cards

Threat hunting

Regular proactive searching by analysts to find threats that automated alerts may miss.

New cards

Scope

The defined set of events to log and monitor; determines what is included or excluded.

New cards

Ticketing process

A process to track flagged events from detection to resolution and closure.

New cards

Evidence trail

An auditable trail of events maintained by the SIEM for auditors and investigators during compliance.

New cards

Centralized repository

A single, centralized store of logs and events from across the network for analysis.

New cards

Real-time analysis

Analysis of security alerts as they occur or nearly so.

Explore top notes

Thrill seeking

Updated 485d ago

Note

Chapter 1: Canada's Population in a Global Context

Updated 962d ago

Note

Chapter 40: Drug Dependence and Drug Abuse

Updated 882d ago

Note

Chapter 2: Is it Relevant? Adding, Deleting & Revising

Updated 815d ago

Note

Protein Domains Form Larger Proteins

Updated 983d ago

Note

Determinants of Supply & Demand (AP Microeconomics)

Updated 284d ago

Note

Chapter 11 - The Age of Reformation

Updated 1080d ago

Note

Learn to Lead Chapter 1 Review

Updated 193d ago

Note

Explore top flashcards

Lexicon 12

Updated 858d ago

Flashcards (22)

Christianity key terms

Flashcards (103)

Flashcards (23)

Flashcards (21)

Flashcards (114)

C949 Data Structures & Algorithms

Updated 200d ago

Flashcards (76)

WWW 1

Updated 1032d ago

Flashcards (25)

Periodic Table (Chemistry)

Updated 646d ago

Flashcards (20)