What is a SIEM solution

 

What is a SIEM solution

I am updating my blog after quite a while and will try to talk about Cyber Security.

In today’s blog we are going to talk about a term used commonly in Cyber Security, which is SIEM.

SIEM stands for “Security Incident and Event Management”

It is a combination of security information management and security event management.

SIEM keeps track of the security posture of an organization by collecting security related data of information an organization in form of logs and store them for analysis for upcoming threats and it also monitors the infrastructure of an organization (both on premises and cloud based.)

There are different SIEM solutions offered, some of the common and popular ones are Rapid7, Sentinel One, Splunk, ActZero. Most of these solutions can also integrate with next generation EDR/XDR/MDR solutions like Crowd Strike as well.

SIEM is the center of organizations security operations (SOC).

 Some of the salient features of any SIEM solution are:

Log management

One of the main features of a SIEM solution is collecting of logs from different sources like firewalls, Servers, Windows events etc. These logs are analyzed for any threats and malicious activity. Logs are analyzed based on some rules for identification of the threats.

Incident Management

A SIEM solution also incorporates incident management which involves detecting, blocking and remediating the threat. It also involves creation of tickets and an automatic response.

Alerting

Alerting involves sending emails or text messages for a particular incident to teams involved in security operations.

Analysis and Reporting

SIEM solution has a dashboard for reporting all the incidents in a central place for visualization of data and also generates reports for analyzing the security posture of an organization.

 

Some of the use cases of SIEM

·         IPS/IDS – Intrusion Prevention and Detection

·         Malware Detection

·         Network Anomaly Detection

·         Integration with EDR/MDR/XDR

·         Central log management

 

Comments

Post a Comment

Popular posts from this blog

Script to find memory usage on Ubuntu

This simple script will show the total memory, free memory and percentage of memory used. Have tested it on Ubuntu 14/16 but will work on CentOS as well #!/bin/bash freemem=$(($(free -m |grep "buffers/cache:"|awk '{print $4}'))) totalmem=$(($(free -m |awk 'NR==2 {print $2}'))) usage=$(($totalmem-$freemem)) echo "Memory used: $usage" echo "Total memory: $totalmem" usage=$(($usage*100 / $totalmem)) echo "Usage percentage: $usage" echo "Free memory: $freemem" echo "$TIMESTAMP $totalmem $usage $freemem"
Read more

Implementation of central authentication from Active Directory for Samba Shares

You have configure Kerberos and Winbind to join Active Directory. Configure Samba to use ADS in globals [global] workgroup = ******* realm = ******.COM.PK server string = ***** security = ADS map to guest = Bad Uid password server = ip adrress of Domain Controller log file = /var/log/samba/log.%m max log size = 50 idmap uid = 100000-200000 idmap gid = 100000-200000 cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [Test] path = /d/infopool valid users = rahat.khan, *******\Administrators, *****\rahat.khan admin users = ******\rahat.khan write list = ******\rahat.khan acl group control = Yes guest ok = yes
Read more

fwbaackups

fwbackups is a feature-rich user backup program that allows you to backup your documents anytime, anywhere. It is completely free to download and use without any sort of trial or restrictions. In fact, fwbackups is open-source, which means anybody can use, share it and improve it. If you would like to help develop or test fwbackups, see the developer's page. fwbackups offers a simple but powerful interface that permits you to perform backups with ease. With support for scheduled backups and backing up to remote computers, you will never have to worry about losing your data again. For more information, select a page from the menu on the left of this text. fwbackups - Features fwbackups™ has a rich interface that is both powerful and easy to use. Here are just a few of its many features: * Simple interface: Configuring new backups or restoring documents from a previous backup is a breeze. * Cross-platform: It doesn't matter if you're running Microsoft Windows, Mac OS ...
Read more