Which two functions can SIEM provide? (Choose Two)
A. Correlation between logs and events from multiple systems.
B. Event aggregation that allows for reduced log storage requirements.
C. Proactive malware analysis to block malicious traffic.
D. Dual-factor authentication.
E. Centralized firewall management.
Answer: AB
Explanation:
+ Log collection of event records from sources throughout the organization provides important forensic tools and helps to address compliance reporting requirements.
+ Normalization maps log messages from different systems into a common data model, enabling the organization to connect and analyze related events, even if they are initially logged in different source formats.
+ Correlation links logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
+ Aggregation reduces the volume of event data by consolidating duplicate event records.
+ Reporting presents the correlated, aggregated event data in real-time monitoring and long-term summaries.
Source: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-smartbusinessarchitecture/sbaSIEM_deployG.pdf
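The normalization, aggregation and correlation steps described above, shown end to end in a small added example (not code from the question bank or from the Cisco design guide it cites). It ingests constructed sample records from two systems in two different formats (sshd syslog lines and firewall CSV lines, all hosts and IPs hypothetical), maps them into one common event model, collapses duplicate records to cut storage, and raises an alert only when evidence from both systems lines up for the same source address:

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample logs (not real data). Two sources, two source formats.
SSHD_SYSLOG = [
    "2024-05-01T10:00:01Z host1 sshd[2201]: Failed password for root from 203.0.113.5 port 51122 ssh2",
    "2024-05-01T10:00:03Z host1 sshd[2201]: Failed password for root from 203.0.113.5 port 51123 ssh2",
    "2024-05-01T10:00:05Z host1 sshd[2201]: Failed password for root from 203.0.113.5 port 51124 ssh2",
    "2024-05-01T10:00:09Z host1 sshd[2204]: Accepted password for alice from 198.51.100.7 port 40010 ssh2",
]
FIREWALL_CSV = [
    # timestamp,host,action,src_ip,dst_ip,dst_port
    "2024-05-01T09:59:50Z,fw1,DENY,203.0.113.5,10.0.0.12,22",
    "2024-05-01T09:59:55Z,fw1,DENY,203.0.113.5,10.0.0.13,22",
    "2024-05-01T10:00:20Z,fw1,ALLOW,198.51.100.7,10.0.0.12,22",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ('...Z') into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize_sshd(line):
    """Normalization: map an sshd syslog line into the common event model."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # unparsed lines are dropped in this toy; a real SIEM would keep them raw
    return {
        "ts": parse_ts(m["ts"]),
        "host": m["host"],
        "src_ip": m["src"],
        "event": "auth_failure" if m["result"] == "Failed" else "auth_success",
        "source": "sshd",
    }


def normalize_firewall(line):
    """Normalization: map a firewall CSV line into the same common event model."""
    ts, host, action, src, _dst, _port = line.split(",")
    return {
        "ts": parse_ts(ts),
        "host": host,
        "src_ip": src,
        "event": "fw_deny" if action == "DENY" else "fw_allow",
        "source": "firewall",
    }


def collect_and_normalize():
    """Log collection: pull records from every source into one time-ordered stream."""
    events = [normalize_sshd(l) for l in SSHD_SYSLOG]
    events += [normalize_firewall(l) for l in FIREWALL_CSV]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def aggregate(events):
    """Aggregation: consolidate duplicate (host, src_ip, event) records into one record plus a count,
    which is what reduces the stored event volume."""
    return dict(Counter((e["host"], e["src_ip"], e["event"]) for e in events))


def correlate(events, min_failures=3):
    """Correlation: flag a source IP that produced firewall denies AND repeated ssh auth failures.
    Neither system sees both halves on its own; the link is only visible once the logs are together."""
    by_ip = defaultdict(Counter)
    for e in events:
        by_ip[e["src_ip"]][e["event"]] += 1
    alerts = []
    for ip, counts in by_ip.items():
        if counts["fw_deny"] > 0 and counts["auth_failure"] >= min_failures:
            alerts.append({"src_ip": ip, "fw_deny": counts["fw_deny"], "auth_failure": counts["auth_failure"]})
    return alerts


def report(events):
    """Reporting: a summary built from the aggregated and correlated data."""
    agg = aggregate(events)
    return {"raw_records": len(events), "aggregated_records": len(agg), "alerts": correlate(events)}


if __name__ == "__main__":
    print(report(collect_and_normalize()))
```

The aggregation key deliberately omits the timestamp and port, which is why three near-identical failed-login records collapse into one; a production SIEM would additionally bound the time window so that events hours apart are not merged. The correlation rule is intentionally narrow (a deny on the firewall plus brute-force-style failures on a host, from one address) to show why a single-system view would miss it.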