The document explains the concept of Security Information and Event Management (SIEM), which centralizes security notifications from various technology sources like firewalls and antivirus systems. It details how SIEM consolidates logs for reporting and sets rules for event management, aiming to detect repeated attacks and other threats. Alerts generated from these rules can be logged for later review or sent for immediate action.

1. SECURITY INFORMATION
AND EVENT
MANAGEMENT
SIEM

2. WHAT IS SIEM
LOG aggregation
 Centralized all security notifications from various
security technology (Firewalls ,IDs ,IPs ,Antivirus
console ,wireless active points and active
directories).
 It all generate tons of notification every day.
 Siem allows you to centralize all logs in one place
in set of report.
Add a Footer 2

3. HOW IT WORKS
Event management
RULES
• Repeat Attack-Login Source
• Brute force attacks, Password guessing
• Alert on 3 or more failed logins in 1 minute
from a single host.
• Active Directory, Syslog (Unix Hosts,
Switches, Routers, VPN)
3
RULE
GOAL
Trigger
Event

4. HOW IT WORKS
N o t i f i c a t i o n
 Simply logged
 Written in report to be viewed later
 Immediate Attention
4
I n c i d e n t
 Sent by email / api
 How they can solve it

5. 5

6. 6

7. 7
Threats / Alerts

8. 8

9. 9

10. THANK YOU
10