Description:
Security information and event management (SIEM) is the industry-specific term in computer security referring to the collection of data (typically log files, e.g. event logs) into a central repository for trend analysis. SIEM products generally comprise software agents running on the computers that are to be monitored. The agents send information about security-related events to a centralized server acting as a "security console", which displays reports, charts, and graphs of that information, often in real time. The software agents can incorporate local filters to reduce and manipulate the data that they send to the server. The security console is monitored by a human being, who reviews the consolidated information and takes action in response to any alerts issued.
In this video, John Kerry, Principal Consultant of Pivot Point Security, talks about the best practices for SIEM products.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.