Checking out AlienVault and taking notes:
SIEM event collection and correlation engine (fancy words for a database).
It is an extra layer of management on top of the different layers of defense that should be in place.
It gives you a lens to focus in on an event or chain of events (through if/then statements).
It looks at events in a particular order from different equipment on the network.
Different pieces of the defense:
IDS, intrusion detection system
HIDS, host-based intrusion detection system
Service logs
Asset Management
SIEM is meant to bring these layers of management together, but the database does not give good data back unless it is fed good data consistently in the first place.
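To make the "if/then in a particular order" idea and the "good data in" caveat concrete, here is a toy correlation engine added to these notes. It is not AlienVault code; the log line formats, host names, rule names and the 5-minute window are all made up for the example. It normalizes lines from three sources (IDS, HIDS, a service log) into one event shape, drops lines it cannot parse so they never reach the rules, sorts by timestamp so order matters, and fires one if/then rule: an IDS brute-force signature followed by a HIDS "new user" rule on the same host within the window.

```python
"""Toy SIEM correlation engine (added example, not AlienVault's own code).

Log formats, hosts, signatures and the rule below are constructed for
illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    """One normalized event, whatever equipment it came from."""
    ts: datetime
    source: str   # "ids", "hids" or "service"
    host: str
    kind: str     # normalized event type, e.g. "brute_force_ssh", "new_user"
    detail: str   # the rest of the raw line, kept for the analyst


@dataclass(frozen=True)
class Rule:
    """An if/then correlation rule: `first` must precede `then` on one host."""
    name: str
    first: Tuple[str, str]   # (source, kind) that must come first
    then: Tuple[str, str]    # (source, kind) that must follow
    window: timedelta        # how long after `first` the `then` may arrive


# Constructed sample lines, one invented format per source. The garbage line
# stands in for the "bad data in" case the notes warn about.
RAW_LOGS = [
    "2024-01-05T10:00:01 ids host=web01 sig=brute_force_ssh src=203.0.113.9",
    "2024-01-05T10:00:45 hids host=web01 rule=new_user user=svc_tmp",
    "2024-01-05T10:01:10 service host=web01 sshd accepted publickey for deploy",
    "2024-01-05T10:02:00 hids host=db01 rule=new_user user=backup",
    "this line is garbage and should be dropped",
    "2024-01-05T10:03:30 ids host=web01 sig=brute_force_ssh src=203.0.113.9",
]

RULES = [
    Rule(
        name="ids-then-new-user",
        first=("ids", "brute_force_ssh"),
        then=("hids", "new_user"),
        window=timedelta(minutes=5),
    ),
]


def normalize(line: str) -> Optional[Event]:
    """Parse one raw line into an Event, or return None if it is unusable."""
    parts = line.split(" ", 3)
    if len(parts) < 4:
        return None
    ts_s, source, host_s, rest = parts
    try:
        ts = datetime.fromisoformat(ts_s)
    except ValueError:
        return None
    if not host_s.startswith("host="):
        return None
    host = host_s[len("host="):]
    if source in ("ids", "hids"):
        # first token is "sig=<name>" or "rule=<name>"; keep the value
        kind = rest.split(" ")[0].split("=", 1)[-1]
    elif source == "service":
        kind = "sshd_login" if "accepted" in rest else "other"
    else:
        return None
    return Event(ts, source, host, kind, rest)


def correlate(events: List[Event], rules: List[Rule]) -> List[Tuple[str, str, datetime, datetime]]:
    """Apply each rule to the time-ordered event stream; return fired alerts."""
    alerts = []
    ordered = sorted(events, key=lambda e: e.ts)   # order is what the rule is about
    for rule in rules:
        for i, first in enumerate(ordered):
            if (first.source, first.kind) != rule.first:
                continue
            for later in ordered[i + 1:]:
                if later.ts - first.ts > rule.window:
                    break   # events are sorted, so nothing further can match
                if later.host == first.host and (later.source, later.kind) == rule.then:
                    alerts.append((rule.name, first.host, first.ts, later.ts))
                    break
    return alerts


def run(raw_lines: List[str], rules: List[Rule] = RULES):
    """Normalize, count what had to be dropped, then correlate."""
    events, dropped = [], 0
    for line in raw_lines:
        ev = normalize(line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    return correlate(events, rules), dropped


if __name__ == "__main__":
    fired, bad = run(RAW_LOGS)
    print(f"dropped {bad} unparseable line(s)")
    for name, host, t1, t2 in fired:
        print(f"{name}: {host} {t1.isoformat()} -> {t2.isoformat()}")
```

On the sample data only the web01 pair fires: db01 has a new user but no preceding IDS hit, and the second web01 IDS hit has nothing after it inside the window. The dropped-line counter is the cheap place to watch for the "garbage in" problem; if it climbs, the rules are being starved of the data they need rather than the network being quiet.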