Jul 29

SIEM overview

Security information and event management (SIEM) is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications.

SIEM components:

1) Log and context data collection
2) Normalization
3) Correlation (SEM)
4) Notification/Alerting (SEM)
5) Prioritization (SEM)
6) Reporting (SIM)
7) Security role workflow


SIEM lifecycle:

1) Determine the need
2) Define scope of log management
3) Select and evaluate the vendor
4) Run proof of concept (POC)
5) Deploy (In phases)
6) Run the tool
7) Expand deployment

Follow me!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>