
Key capabilities of modern SIEMs include:

Threat Intelligence
Combines internal data with third-party threat intelligence feeds on threats
and vulnerabilities.

Data Aggregation
Collects and aggregates data from security systems and network devices.

Search, Data Exploration and Reporting
Search vast amounts of security data without reviewing raw data and without
data science expertise, actively explore data to discover patterns and hunt for
threats, and create and schedule reports on important data points.

Advanced Analytics
Uses statistical models and machine learning to identify anomalies and detect
advanced threats, detect unknown threats, detect lateral movements within a
network, and enrich the context of security alerts to make it easier to
investigate and detect elusive threats.

Dashboards
Creates visualizations to let staff review event data and identify patterns and
anomalies.

Correlation, Security Monitoring and Alerts
Links events and related data into security incidents, threats or forensic
findings, analyzes events and sends alerts to notify security staff of immediate
issues.
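To make the aggregation and correlation capabilities concrete, here is an added example (not code from the original page or any SIEM vendor): two constructed log feeds are normalized into one event schema, then a simple rule turns repeated failed logins followed by a success from one source IP into a single incident that carries its evidence timeline. The log formats, the threshold of 3 and the 5-minute window are assumptions chosen for the example.

```python
"""Added example (not from the page): a minimal SIEM-style correlation rule.
Events from two constructed feeds are aggregated into one schema; a source IP with
>= 3 failed logins then a success inside 5 minutes becomes one incident with its
evidence timeline. Log formats, threshold and window are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample logs (not real data).
SSH_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:07 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:01:40 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:02:00 sshd: Failed password for bob from 198.51.100.9
"""
VPN_LOG = """\
2024-05-01T10:00:30 vpn: auth FAIL user=jdoe src=203.0.113.7
"""
# (feed name, line pattern, outcome token that means success) for each feed
SOURCES = [
    ("ssh", re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$"), "Accepted"),
    ("vpn", re.compile(r"^(\S+) vpn: auth (FAIL|OK) user=(\S+) src=(\S+)$"), "OK"),
]

def normalize(texts):
    """Data aggregation: parse each feed into one common event schema, sorted by time."""
    events = []
    for (name, rx, ok_token), text in zip(SOURCES, texts):
        for line in text.splitlines():
            m = rx.match(line)
            if m:  # unparseable lines are skipped here; a real SIEM would count them
                ts, outcome, user, src = m.groups()
                events.append({"ts": datetime.fromisoformat(ts), "src": src, "user": user,
                               "ok": outcome == ok_token, "source": name})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation: per source IP, >= threshold failures followed by a success in the window."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():  # evs keep global time order
        for i, e in enumerate(evs):
            if e["ok"]:
                fails = [f for f in evs[:i] if not f["ok"] and e["ts"] - f["ts"] <= window]
                if len(fails) >= threshold:
                    # matched events are attached as the incident's situation timeline
                    incidents.append({"src": src, "user": e["user"], "failures": len(fails),
                                      "timeline": fails + [e]})
    return incidents
```

Running `correlate(normalize([SSH_LOG, VPN_LOG]))` yields one incident for 203.0.113.7 whose three failures span both feeds, which is exactly what a single-source rule would miss.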

Forensic Analysis
Enables exploration of log and event data to discover details of a security
incident, with automated attachment of additional evidence organized in a
situation timeline.

Retention
Stores long-term historical data, useful for compliance and forensic
investigations. Built-in data lake technology facilitates unlimited, low-cost,
long-term storage.

Compliance
Gathers log data for standards like HIPAA, PCI/DSS, HITECH, SOX and GDPR
and generates compliance reports. Helps to meet compliance and security
regulatory requirements, for example by alerting about security conditions
affecting protected data.

Threat Hunting
Enables security staff to run queries on log and event data, and freely explore
data to proactively uncover threats. Once a threat is discovered, automatically
pulls in relevant evidence for investigation.

Incident Response Support
Helps security teams identify and respond to security incidents automatically,
bringing in all relevant data rapidly and providing decision support.

SOC Automation
Automatically responds to incidents by automating and orchestrating security
systems, known as Security Orchestration, Automation and Response (SOAR).
