Just as a delicious butter chicken needs several handpicked ingredients, an awesome SIEM deployment needs several ingredients of its own.
The soul of SIEM is log collection, and its heart is knowledge collection.
Therefore, in order to function like Hulk and think like Captain America, a SIEM requires logs and knowledge from these systems:
LOGS AND ALERTS:
Security Controls
- Intrusion Detection
- Endpoint Security (Antivirus, etc.)
- Data Loss Prevention
- VPN Concentrators
- Web Filters
- Honeypots
- Firewalls
Infrastructure
- Routers
- Switches
- Domain Controllers
- Wireless Access Points
- Application Servers
- Databases
- Intranet Applications
KNOWLEDGE:
Infrastructure Information
- Configuration
- Locations
- Owners
- Network Maps
- Vulnerability Reports
- Software Inventory
Business Information
- Business Process Mappings
- Points of Contact
- Partner Information
See the diagram below for a visual overview.
Courtesy: www.alienvault.com
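To show why the KNOWLEDGE inputs matter as much as the LOGS AND ALERTS, here is an added example (not from the original post or from AlienVault) that enriches constructed IDS alerts with asset inventory, vulnerability report and business context to set a triage priority. All hosts, IPs, contacts, the vulnerability id and the priority rules are assumptions made for illustration.

```python
# Constructed sample data: every host, IP, contact and id below is hypothetical.
ASSETS = {  # KNOWLEDGE: infrastructure information (owners, locations, software inventory)
    "10.0.5.20": {"host": "db-payments-01", "owner": "dba-team",
                  "location": "DC-East", "software": {"postgresql"}},
    "10.0.9.44": {"host": "kiosk-lobby-03", "owner": "facilities",
                  "location": "HQ-Lobby", "software": {"chromium"}},
}
VULN_REPORT = {"db-payments-01": {"postgresql": "VULN-PLACEHOLDER-1"}}
BUSINESS = {  # KNOWLEDGE: business process mappings and points of contact
    "db-payments-01": {"process": "card payments", "critical": True,
                       "contact": "payments-oncall@example.test"},
}
ALERTS = [  # LOGS AND ALERTS: constructed intrusion detection events
    {"dst_ip": "10.0.5.20", "signature": "SQL exploit attempt", "target_software": "postgresql"},
    {"dst_ip": "10.0.9.44", "signature": "SQL exploit attempt", "target_software": "postgresql"},
    {"dst_ip": "10.0.7.7", "signature": "Port scan", "target_software": None},
]

def enrich(alert):
    """Attach infrastructure and business knowledge to one alert and rate it."""
    asset = ASSETS.get(alert["dst_ip"])
    if asset is None:
        # A destination missing from the inventory is itself a finding.
        return {**alert, "host": None, "priority": "review"}
    host, sw = asset["host"], alert["target_software"]
    biz = BUSINESS.get(host, {})
    installed = sw in asset["software"]
    vulnerable = sw in VULN_REPORT.get(host, {})
    if installed and vulnerable and biz.get("critical"):
        priority = "high"    # targeted software is present, vulnerable, business critical
    elif installed:
        priority = "medium"  # targeted software is present, no known vulnerability
    else:
        priority = "low"     # targeted software is not installed on this asset
    return {**alert, "host": host, "owner": asset["owner"],
            "location": asset["location"], "contact": biz.get("contact"),
            "priority": priority}

def triage(alerts):
    """Return enriched alerts ordered from most to least urgent."""
    order = {"high": 0, "medium": 1, "review": 2, "low": 3}
    return sorted((enrich(a) for a in alerts), key=lambda e: order[e["priority"]])

if __name__ == "__main__":
    for e in triage(ALERTS):
        print(e["priority"], e["dst_ip"], e["host"], e.get("owner"), e.get("contact"))
```

The same signature against two hosts ends up at opposite ends of the queue, and that difference comes entirely from the knowledge sources, not from the logs.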