What are two uses of SIEM software? (Choose two.)
A . collecting and archiving syslog data
B . alerting administrators to security events in real time
C . performing automatic network audits
D . configuring firewall and IDS devices
E . scanning email for suspicious attachments
Answer: A,B
Explanation:
A SIEM collects and archives log data (A) and alerts administrators in real time on the events it correlates (B). It does not itself audit the network (C), push configuration to firewall or IDS devices (D), or scan email attachments (E); those are jobs of other tools, whose logs a SIEM consumes.
Security Information and Event Management (SIEM)
+ Log collection of event records from sources throughout the organization provides important forensic tools and helps to address compliance reporting requirements.
+ Normalization maps log messages from different systems into a common data model, enabling the organization to connect and analyze related events, even if they are initially logged in different source formats.
+ Correlation links logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
+ Aggregation reduces the volume of event data by consolidating duplicate event records.
+ Reporting presents the correlated, aggregated event data in real-time monitoring and long-term summaries.
Source: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-smartbusiness-architecture/sbaSIEM_deployG.pdf
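The five functions listed above (collection, normalization, correlation, aggregation, reporting) are easiest to see as one pipeline. The following is an added example, not code from the Cisco document or from any SIEM product: a miniature SIEM in Python that ingests constructed syslog lines in two formats (Linux sshd and ASA-style firewall messages), normalizes them into a common record, consolidates duplicate records, applies one correlation rule (several failed logins from one source followed by a successful login on the same host within a short window, with firewall denies from the same source attached as context), and produces a summary report. Host names, users, addresses and the rule threshold are assumptions for illustration.

```python
"""Miniature SIEM pipeline: collect -> normalize -> aggregate -> correlate -> report.
Added example; hosts, users and addresses are constructed (RFC 5737 ranges)."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample events in two source formats (hypothetical hosts and addresses).
SAMPLE_LOGS = [
    "Jan 10 12:00:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 5022 ssh2",
    "Jan 10 12:00:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 5023 ssh2",
    "Jan 10 12:00:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 5023 ssh2",  # duplicate delivery
    "Jan 10 12:00:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 5024 ssh2",
    "Jan 10 12:00:09 web01 sshd[2215]: Accepted password for root from 203.0.113.7 port 5030 ssh2",
    "Jan 10 12:00:10 fw01 %ASA-6-302013: Built outbound TCP connection 9012 for outside:198.51.100.9/443 to inside:10.0.0.5/51234",
    'Jan 10 12:00:12 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.7/44110 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"',
]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
SSHD_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)")
ASA_DENY_RE = re.compile(r"%ASA-\d-106023: Deny \w+ src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
ASA_BUILT_RE = re.compile(r"%ASA-\d-302013: Built \w+ \w+ connection \d+ for \w+:(?P<src>[\d.]+)/\d+ to \w+:(?P<dst>[\d.]+)/\d+")


def normalize(line):
    """Map one raw line into the common data model: ts, host, action, src, user, dst_port, raw.
    Returns None for lines that are not syslog-shaped at all."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year defaults to 1900; only time deltas are used
    event = {"ts": ts, "host": m["host"], "action": "unknown", "src": None, "user": None, "dst_port": None, "raw": line}
    msg = m["msg"]
    s = SSHD_RE.search(msg)
    d = ASA_DENY_RE.search(msg)
    b = ASA_BUILT_RE.search(msg)
    if s:
        event.update(action="auth_success" if s["result"] == "Accepted" else "auth_fail", src=s["src"], user=s["user"], dst_port=22)
    elif d:
        event.update(action="fw_deny", src=d["src"], dst_port=int(d["dport"]))
    elif b:
        event.update(action="fw_allow", src=b["src"])
    return event


def aggregate(events):
    """Consolidate duplicate records (same timestamp, host, action, source, user) into one record with a count."""
    merged = {}
    for e in events:
        key = (e["ts"], e["host"], e["action"], e["src"], e["user"])
        if key in merged:
            merged[key]["count"] += 1
        else:
            merged[key] = {**e, "count": 1}
    return sorted(merged.values(), key=lambda e: e["ts"])


def correlate(events, threshold=3, window_s=60):
    """Rule (assumed thresholds): at least `threshold` distinct failed logins from one source, followed by a
    successful login for the same host within `window_s` seconds. Firewall denies from the same source,
    logged by a different device, are attached as supporting context."""
    alerts = []
    for e in events:
        if e["action"] != "auth_success":
            continue
        fails = [f for f in events
                 if f["action"] == "auth_fail" and f["src"] == e["src"] and f["host"] == e["host"]
                 and 0 <= (e["ts"] - f["ts"]).total_seconds() <= window_s]
        if len(fails) >= threshold:
            fw_denies = [d for d in events if d["action"] == "fw_deny" and d["src"] == e["src"]]
            alerts.append({"rule": "brute_force_success", "ts": e["ts"], "host": e["host"], "user": e["user"],
                           "src": e["src"], "failures": len(fails), "fw_denies": len(fw_denies)})
    return alerts


def report(events, alerts):
    """Summarize aggregated events and alerts the way a dashboard or scheduled report would."""
    by_action = Counter()
    for e in events:
        by_action[e["action"]] += e["count"]  # count raw records, including the consolidated duplicates
    lines = [f"{a['rule']}: {a['user']}@{a['host']} from {a['src']} after {a['failures']} failures "
             f"({a['fw_denies']} firewall denies from the same source)" for a in alerts]
    return {"events": sum(by_action.values()), "by_action": dict(by_action), "alerts": lines}


def run_pipeline(lines):
    """Collection is the list of raw lines; the remaining stages are applied in order."""
    events = [e for e in map(normalize, lines) if e is not None]
    events = aggregate(events)
    alerts = correlate(events)
    return events, alerts, report(events, alerts)


if __name__ == "__main__":
    events, alerts, summary = run_pipeline(SAMPLE_LOGS)
    for e in events:
        print(f"{e['ts']:%H:%M:%S} {e['host']:6} {e['action']:13} src={e['src']} x{e['count']}")
    print(summary)
```

Each stage maps onto one bullet in the list above: `normalize` is the common data model, `aggregate` removes the duplicate sshd record (seven raw lines become six records), `correlate` links the sshd and firewall logs from two different devices, and `report` is what the real-time console or periodic summary would display. A production SIEM does the same work against parsers for hundreds of formats and rules tuned per environment; the threshold and window here are illustrative.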