
SIEM

What is SIEM? SIEM (Security Information and Event Management) collects log files, security alerts
and events from across a network into one place using its own tools. It can also generate reports
based on real-time analytics, and offers storage and automation of services.

SIEM sources of data are network infrastructure devices, applications, endpoints, and security
software and appliances.

Tools of SIEM
1. SolarWinds -> threat detection, automated incident response and compliance reporting
2. Splunk -> Adaptive Response Framework, network security (SaaS solution), detect and
respond. Creates a high-level. Sequences events and creates visuals of data
3. LogRhythm -> logs of powerful threat alerts via data enrichment. Helps the security team
to handle high-alert threats first
4. IBM QRadar -> correlation engine to detect threats. Prioritizes risks
5. Exabeam -> advanced analytics function that helps to detect threats, investigate and respond,
and record behavior analytics. Improves productivity and reduces response times with automation.

How it works?
1. Collects data and creates logs
2. Generates and stores a large amount of data
3. Relates past and present events and generates analytics
4. Relates patterns and measures thresholds
5. Generates alerts
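The five steps above, together with the data aggregation, correlation and alerting components listed in the next section, can be shown end to end in a toy pipeline. The following is an added example written for these notes, not code from the original page or from any of the SIEM products named here. The two raw log formats (an sshd-style line and a hypothetical "webapp" line), the normalized field names, and the failed-login rule (3 failures from one source IP within 5 minutes) are all assumptions chosen for illustration; the sample log lines are constructed and use documentation IP ranges.

```python
"""Toy SIEM pipeline: collect -> normalize -> store -> correlate -> alert.

Added example; not part of the original notes. The log formats, field names
and the failed-login threshold rule are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample events from two hypothetical sources (an SSH daemon and a
# web application) in two different raw formats, as a SIEM would ingest them.
RAW_EVENTS = [
    "2024-05-01T10:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "2024-05-01T10:00:03 sshd[1201]: Failed password for admin from 203.0.113.7 port 50123 ssh2",
    "2024-05-01T10:00:04 sshd[1201]: Accepted password for alice from 198.51.100.5 port 40001 ssh2",
    "2024-05-01T10:00:05 sshd[1201]: Failed password for root from 203.0.113.7 port 50124 ssh2",
    "2024-05-01T10:00:08 sshd[1201]: Failed password for admin from 203.0.113.7 port 50125 ssh2",
    "2024-05-01T10:00:09 webapp login_failed user=bob src=203.0.113.7",
    "2024-05-01T10:00:10 webapp login_failed user=bob src=192.0.2.9",
    "2024-05-01T10:20:00 sshd[1201]: Failed password for admin from 192.0.2.9 port 50200 ssh2",
]

# One parser per source type (assumed formats).
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
WEBAPP_RE = re.compile(
    r"^(?P<ts>\S+) webapp (?P<result>login_failed|login_ok) user=(?P<user>\S+) src=(?P<src>\S+)"
)


def normalize(line):
    """Data aggregation step: parse one raw line from either source into a
    common event schema. Returns None for lines no parser recognizes."""
    for regex, source in ((SSHD_RE, "sshd"), (WEBAPP_RE, "webapp")):
        m = regex.match(line)
        if m:
            failed = m.group("result") in ("Failed", "login_failed")
            return {
                "ts": datetime.fromisoformat(m.group("ts")),
                "source": source,
                "user": m.group("user"),
                "src_ip": m.group("src"),
                "outcome": "failure" if failed else "success",
            }
    return None


def correlate_failed_logins(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation step: group authentication failures by source IP across all
    log sources and raise one alert per IP whose failures inside a sliding time
    window reach the threshold. The alert reports the densest window seen."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] == "failure":
            by_ip[ev["src_ip"]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        start, best = 0, None
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, start, end)
        if best:
            count, s, e = best
            alerts.append({
                "rule": "brute_force_suspected",
                "src_ip": ip,
                "count": count,
                "users": sorted({ev["user"] for ev in evs[s:e + 1]}),
                "sources": sorted({ev["source"] for ev in evs[s:e + 1]}),
                "first_seen": evs[s]["ts"].isoformat(),
                "last_seen": evs[e]["ts"].isoformat(),
            })
    return alerts


def run_pipeline(raw_lines=RAW_EVENTS):
    """Collect, normalize, store (here an in-memory list), correlate, alert."""
    store = [ev for ev in (normalize(line) for line in raw_lines) if ev is not None]
    return store, correlate_failed_logins(store)


if __name__ == "__main__":
    store, alerts = run_pipeline()
    print(f"stored {len(store)} normalized events")
    for alert in alerts:
        print(alert)
```

Run on the constructed input, the pipeline stores eight normalized events and raises a single alert for 203.0.113.7, because its five failures (against three different accounts, seen by two different log sources) fall inside one five-minute window; 192.0.2.9 has two failures twenty minutes apart and stays below the threshold. The point the steps above make is visible here: no single log line is alarming on its own, and the alert only exists because events from different sources were normalized into one schema and related to each other over time.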

SIEM Components
1. Data aggregation
a. Agent-based logs
b. Non-agent-based logs
c. API-based logs
2. Security data analytics 
3. Correlation and security event monitoring
4. Forensic analysis
5. Incident detection and response
6. Real-time event response or alerting console
7. Threat intelligence
8. User and entity behavior analytics (UEBA)
9. Compliance management

Attack types
1. Malware
a. Computer virus
b. Spyware
c. Adware
d. Trojan horse
e. Worms
2. Phishing
3. Password attacks
4. DDoS
5. Man-in-the-middle
6. Drive-by download
7. Malvertising
8.
