Identify different types of data that SIEM captures
Pick 2 and give examples
Assessment
Report
Different types of data, for example:
timestamps
logon events
directory access
changes to account privileges
process tracking
SIEM, which stands for Security Information and Event Management, is like a high-tech security guard for computer networks. It keeps an eye on all the different pieces of a network to make sure everything is safe and sound. SIEM systems collect a lot of data to do this job well. Here are some different types of data that SIEM captures:
System Logs: These are like a diary of what the computer's operating system is doing. It keeps a record of activities, errors, and other events.
Application Logs: Think of this as a journal for specific software. It details what the software did, like if it opened a file or if it crashed.
Packet Data: Imagine your network is like a highway. Packet data is like tracking every car that moves on it.
Flow Data: This focuses on the general flow of traffic rather than each individual "car" or packet. It's like looking at how busy the highway is, rather than each car's details.
Firewall Logs: Firewalls are like the security doors in a building. These logs show who tried to come in or go out.
Intrusion Detection System (IDS) Alerts: These are like alarms that go off when something suspicious is happening, like if someone is trying to break in.
Authentication Logs: These keep track of who has logged in or out of systems. It's like a list of everyone who entered or left a secure building.
Privilege Changes: This records if someone gets special permission to do something they couldn't before, like a promotion from a regular worker to a manager.
Change Logs: These are records of any changes made to system settings. Think of it like keeping track of any adjustments made to a machine to make it work better.
Audit Trails: These are records that prove you're following rules and laws. It's like having receipts for your transactions.
Indicators of Compromise (IOCs): These are signs that something bad might be happening, like seeing someone wearing a mask and carrying a bag of tools near a locked door.
Each type of data helps SIEM do its job better, like piecing together a puzzle to see the big picture of what's happening in a network. This way, it can spot anything fishy and help keep things secure.
Directory Access - Trying to save a simple text file in a Microsoft (main) folder
Every learner has been given access to their own shared folder on Sharepoint, but to nothing else in the company.
This simulates account privileges, since each learner's access is limited to their own folder.
Process Tracking - Following an image added from the internet.
Computer software tracks the image from the firewall through to the operating system and into Microsoft Word.
Windows Server could also track when a user logs into a computer and which applications they open.
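As an added illustration (not part of the original report), the small Python script below shows how a SIEM normalises the data types listed above (logon events, directory access, privilege changes, process tracking) into one schema and then correlates them. The log lines, user names and paths are constructed for the example; the rule flags directory access that follows a privilege change for the same user, which is the kind of "big picture" the report describes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events (not from any real system). Each line stands in
# for a raw log record: "timestamp|event type|user|detail".
SAMPLE_LOG = """\
2024-03-01T09:00:05|logon|alice|workstation-12
2024-03-01T09:03:10|privilege_change|alice|added to group SharedFolderAdmins
2024-03-01T09:04:22|directory_access|alice|Shared/alice/notes.txt
2024-03-01T09:05:00|process|alice|winword.exe
2024-03-01T10:15:40|logon|bob|workstation-07
2024-03-01T10:16:02|directory_access|bob|Shared/bob/budget.xlsx
"""


@dataclass
class Event:
    ts: datetime      # timestamp, the field every SIEM record shares
    kind: str         # logon, directory_access, privilege_change, process
    user: str
    detail: str


def parse_events(text):
    """Normalise raw lines into a common Event schema, as a SIEM does on ingest."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, user, detail = line.split("|", 3)
        events.append(Event(datetime.fromisoformat(ts), kind, user, detail))
    return events


def count_by_type(events):
    """How many records of each data type were captured."""
    counts = {}
    for e in events:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


def privilege_then_access(events, window=timedelta(minutes=10)):
    """Correlation rule: directory access by a user within `window` after
    their privileges changed. Each record is benign alone; together they
    are worth an analyst's attention."""
    findings = []
    changes = [e for e in events if e.kind == "privilege_change"]
    for access in (e for e in events if e.kind == "directory_access"):
        for change in changes:
            if change.user == access.user and timedelta(0) <= access.ts - change.ts <= window:
                findings.append((access.user, change.detail, access.detail))
    return findings
```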