This document discusses security information and event management (SIEM) systems. It describes how a SIEM system collects and analyzes log and event data from various sources like firewalls, intrusion detection systems, applications, and networks. It then uses rule-based and statistical correlation to parse, normalize, and process large amounts of semi-structured data to identify security incidents and threats. The SIEM system helps aggregate millions of events into meaningful security alerts and assists in incident response investigations.
Author: Prof Bill Buchanan
Introduction: Incident Response

Figure: Data Capture. Diagram of the log and event sources feeding the SIEM: web servers (Apache, IIS, web services), network devices (firewall, router, switch, proxy server), e-mail and FTP servers, IT operations tooling (Nagios, NetApp, Cisco UCS), Microsoft infrastructure (Active Directory, Exchange, SharePoint), structured data formats (CSV, JSON, XML), database systems (Oracle, MySQL, Microsoft SQL), network/security telemetry (syslog/SNMP, Cisco NetFlow, Snort intrusion detection system), cloud services (AWS CloudTrail, Amazon S3, Azure) and application servers (WebLogic, WebSphere, Tomcat). The actors Alice, Bob and Eve are shown alongside the sources.
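The summary describes the SIEM pipeline as collect, parse, normalize and then correlate, turning many raw events into a few alerts. The Python script below is an added example, not code from the original slides or from the author. It ingests three constructed log formats that correspond to sources in the Data Capture diagram (an sshd syslog line, an Apache access-log line and a JSON cloud audit record in the spirit of AWS CloudTrail), normalizes each into one common event schema and applies a single rule-based correlation: a burst of authentication failures from one source address, across any source, within a sliding window becomes one alert. The log lines, host names, IP addresses, user names, the `/login` path and the three-failures-in-60-seconds threshold are all constructed for the example.

```python
"""Toy SIEM pipeline: parse heterogeneous logs, normalize, correlate into alerts."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (hosts, IPs and users are made up): two sshd syslog
# lines, two Apache access-log lines, one JSON cloud audit record, and a
# later, isolated failure that must NOT be folded into the alert.
RAW_LOGS = [
    "<86>2024-05-01T10:00:01Z bastion sshd[1201]: Failed password for alice from 203.0.113.9 port 50122 ssh2",
    "<86>2024-05-01T10:00:04Z bastion sshd[1201]: Failed password for alice from 203.0.113.9 port 50123 ssh2",
    '203.0.113.9 - - [01/May/2024:10:00:07 +0000] "POST /login HTTP/1.1" 401 512',
    '{"eventTime":"2024-05-01T10:00:09Z","eventName":"ConsoleLogin","sourceIPAddress":"203.0.113.9",'
    '"userIdentity":{"userName":"alice"},"responseElements":{"ConsoleLogin":"Failure"}}',
    "<86>2024-05-01T10:00:12Z bastion sshd[1201]: Accepted password for bob from 198.51.100.20 port 40000 ssh2",
    '203.0.113.9 - - [01/May/2024:10:00:14 +0000] "POST /login HTTP/1.1" 401 512',
    "<86>2024-05-01T10:30:00Z bastion sshd[1300]: Failed password for carol from 203.0.113.9 port 50200 ssh2",
]

SYSLOG_RE = re.compile(r"^<\d+>(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOGIN_PATH = "/login"  # constructed assumption: the web app's authentication endpoint


def _parse_iso(ts):
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on, so spell out UTC.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _event(ts, source, src_ip, user, outcome, raw):
    """Common schema every parser emits: the normalization step of the pipeline."""
    return {"ts": ts, "source": source, "src_ip": src_ip, "user": user, "outcome": outcome, "raw": raw}


def parse_syslog(line):
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ip, user, outcome = None, None, None
    s = SSH_RE.match(m["msg"])  # only sshd auth messages carry an outcome here
    if s:
        ip, user = s["ip"], s["user"]
        outcome = "failure" if s["result"] == "Failed" else "success"
    return _event(_parse_iso(m["ts"]), m["proc"], ip, user, outcome, line)


def parse_apache(line):
    m = APACHE_RE.match(line)
    if not m:
        return None
    status, outcome = int(m["status"]), None
    if m["path"] == LOGIN_PATH:  # a 401/403 on the login endpoint is an auth failure
        outcome = "failure" if status in (401, 403) else ("success" if status < 400 else None)
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return _event(ts, "apache", m["ip"], None, outcome, line)


def parse_json_audit(line):
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if not isinstance(rec, dict) or "eventTime" not in rec:
        return None
    result = (rec.get("responseElements") or {}).get(rec.get("eventName"))
    outcome = {"Success": "success", "Failure": "failure"}.get(result)
    user = (rec.get("userIdentity") or {}).get("userName")
    return _event(_parse_iso(rec["eventTime"]), "cloud_audit", rec.get("sourceIPAddress"), user, outcome, line)


def normalize_line(line):
    """Try each parser in turn; unparsed lines are returned as None so they can be counted."""
    for parser in (parse_syslog, parse_apache, parse_json_audit):
        ev = parser(line)
        if ev is not None:
            return ev
    return None


def normalize_all(lines):
    return [ev for ev in (normalize_line(l) for l in lines) if ev is not None]


def correlate_failed_auth(events, threshold=3, window=timedelta(seconds=60)):
    """Rule: >= threshold auth failures from one source IP within `window`, any source."""
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "failure" and e["src_ip"]:
            failures[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        i = 0
        while i < len(evs):  # grow a window from evs[i], emit one alert per window
            j = i
            while j + 1 < len(evs) and evs[j + 1]["ts"] - evs[i]["ts"] <= window:
                j += 1
            burst = evs[i:j + 1]
            if len(burst) >= threshold:
                alerts.append({
                    "rule": "auth_failure_burst",
                    "src_ip": ip,
                    "count": len(burst),
                    "sources": sorted({e["source"] for e in burst}),
                    "users": sorted({e["user"] for e in burst if e["user"]}),
                    "first_seen": burst[0]["ts"].isoformat(),
                    "last_seen": burst[-1]["ts"].isoformat(),
                })
            i = j + 1
    return alerts


if __name__ == "__main__":
    for alert in correlate_failed_auth(normalize_all(RAW_LOGS)):
        print(json.dumps(alert, indent=2))
```

Six raw events (five failures and one unrelated success) collapse into one alert naming the source address, the three distinct log sources involved and the user seen; the failure at 10:30 falls outside the window and is left as a lone event. Tuning the threshold and window, and adding per-user or per-source variants of the same rule, is where most of the operational work of a real SIEM deployment goes.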