System Monitoring
Monitoring performed via system logs gathered by central management tools, which aggregate system health and performance information so it can be analyzed by those tools at central logging servers or services
Application Monitoring
Monitoring that uses application logs, application management interfaces, and performance monitoring tools; what is available varies by application, so each application and application environment needs to be analyzed individually
Infrastructure Monitoring
Monitoring that uses SNMP and syslog for infrastructure devices; hardware vendors may also sell management tools and systems that can be used to monitor and control infrastructure systems and devices
Log Aggregation
The process of collecting and centralizing log data from various sources into a unified repository, such as a SIEM
Alerting
Automated mechanisms, categorized by their time and severity, used to notify analysts when defined thresholds, anomalies, or malicious signatures are detected, and to show which sensor is reporting the issue
Scanning
Activities such as vulnerability scans or packet captures, which provide information on vulnerabilities or allow network traffic to be reviewed for incident response or troubleshooting
Reporting
Identifying trends in logs and providing visibility into changes in the logs that may indicate issues or require management oversight
Archiving
Retaining logs that are not in active use
Alert Response and Remediation / Validation
The process of taking immediate action to address and resolve identified alerts, followed by validation to ensure the effectiveness of the response and mitigate potential risks
Quarantine
Placing a system or device in an isolated network zone or removing it from a network to ensure that it cannot impact other devices
Alert Tuning
The process of modifying alerts to only alarm on important events
Security Content Automation Protocol (SCAP)
An effort by the security community, led by NIST, to create a standardized approach for communicating security-related information
Benchmarks
In a logging/tool context, requires central logging, configuring log and alerting levels, and that endpoints or servers log critical and important events
Agents/Agentless
Software agents or other methods that collect and transmit data for monitoring purposes, or monitoring without the need for dedicated agents
Security Information and Event Management (SIEM)
A tool that centralizes information gathering and analysis and provides dashboards and reporting that allow incident information to be seen and quickly identified through visualization, reporting, and manual analysis as well as automated analysis capabilities
Antivirus
Software designed to detect, prevent, and remove malicious software, protecting computer systems and data from viruses, worms, trojans, and other types of malware
Data Loss Prevention (DLP)
Systems that search for stores of sensitive information that might be unsecured and monitor network traffic for any potential attempts to remove sensitive information from the organization
SNMP Trap
A message sent to an SNMP manager when a device configured to use SNMP encounters an error, allowing the manager to take appropriate action
NetFlow
Cisco's proprietary, software-driven capability to monitor bandwidth, recording information such as the source and destination of traffic, how much traffic was sent, and when the traffic occurred