Security Information and Event Management (SIEM) System

Summary

  • A Security Information and Event Management (SIEM) system can be used to gather and analyse data flows from multiple systems.

Notes

  • Splunk
  • SIEM:
    • Retention and Compliance
      • Log Retention
      • Regulatory Compliance
      • Archive
    • Dashboards
      • Interactive
      • Visualisation
      • Analytics
    • Reporting/Compliance
      • Built In Reporting
    • Alerting
      • If Alert then Action…
    • Aggregation/Correlation
      • Single System
      • Robust Search Tools
      • Correlation Engine
      • Log Integrity

Resources