
What is “SIEM” and what are its uses in information security


SIEM is an abbreviation for security information and event management. It is a system that collects logs and events from more than one source and displays them to you in one place, so that you can analyze them and take appropriate action.

Companies and institutions run several systems that work alongside each other. For example, a company has a firewall, intrusion detection and prevention systems (IDS and IPS), network devices such as routers and switches, servers of various types such as the Exchange server, Active Directory, storage systems (whether SAN or NAS), and endpoint security (protection) software.

We noticed that there are many devices and systems, and with such a large number it is difficult to monitor and follow them all. Therefore a central system called “SIEM” was created that collects events and security alerts from the various systems in the company's infrastructure, so that security events become centralized and easy to monitor and follow up in one place.

SIEM work stages:

1. Log and event collection: the SIEM collects logs and events from the various existing systems.

2. Classification: the system classifies and organizes the events it collected in the previous stage.

3. Rule-based analysis: the events are analyzed according to the rules that were prepared beforehand.

4. Conclusion: the analyzed events are combined and conclusions are drawn from them (the correlation step).

5. Reporting: reports are issued on the preceding events, with recommendations for solving the problems found.
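To make the five stages concrete, here is a small added example (written for this page, not taken from any SIEM product) of a toy pipeline in Python. It collects constructed log lines from two sources (a firewall and an Active Directory domain controller), normalizes them into one event schema, applies a "repeated failures" rule, correlates an authentication-failure alert with a later successful logon from the same source address, and produces a report. All hosts, addresses, users and timestamps are constructed, and the rule thresholds are assumptions chosen for the demonstration.

```python
import json
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not from any real system); two sources feed the SIEM.
FIREWALL_LOGS = [
    "2024-05-01T10:00:01 fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:03 fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:09 fw01 action=allow src=10.0.0.8 dst=10.0.0.5 dport=443",
]
AD_LOGS = [
    "2024-05-01T10:01:00 dc01 EventID=4625 user=alice src=203.0.113.7",
    "2024-05-01T10:01:20 dc01 EventID=4625 user=alice src=203.0.113.7",
    "2024-05-01T10:01:40 dc01 EventID=4625 user=alice src=203.0.113.7",
    "2024-05-01T10:01:55 dc01 EventID=4624 user=alice src=203.0.113.7",
    "2024-05-01T10:05:00 dc01 EventID=4624 user=bob src=10.0.0.8",
]
SOURCES = {"firewall": FIREWALL_LOGS, "ad": AD_LOGS}

KV_RE = re.compile(r"(\w+)=(\S+)")


def collect(sources):
    """Stage 1: gather raw lines from every source, tagging where each came from."""
    return [(name, line) for name, lines in sources.items() for line in lines]


def normalize(name, line):
    """Stage 2: classify one raw line into a common event schema."""
    ts_str, host, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    event = {"ts": datetime.fromisoformat(ts_str), "host": host, "source": name,
             "src_ip": fields.get("src"), "user": fields.get("user")}
    if name == "firewall":
        event["category"] = "network"
        event["outcome"] = "failure" if fields.get("action") == "deny" else "success"
    elif name == "ad":
        # Windows logon event IDs: 4625 = failed logon, 4624 = successful logon.
        event["category"] = "auth"
        event["outcome"] = "failure" if fields.get("EventID") == "4625" else "success"
    else:
        event["category"], event["outcome"] = "unknown", "unknown"
    return event


def rule_repeated_failures(events, category, threshold, window):
    """Stage 3: flag a source IP with >= threshold failures of one category inside a time window."""
    by_src = defaultdict(list)
    for e in events:
        if e["category"] == category and e["outcome"] == "failure" and e["src_ip"]:
            by_src[e["src_ip"]].append(e["ts"])
    alerts = []
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append({"rule": f"repeated_{category}_failures", "src_ip": src,
                               "first": times[i], "last": times[i + threshold - 1]})
                break  # one alert per source is enough for this rule
    return alerts


def correlate(alerts, events, window):
    """Stage 4: combine an auth-failure alert with a later successful logon from the same IP."""
    findings = []
    for a in alerts:
        if a["rule"] != "repeated_auth_failures":
            continue
        for e in events:
            if (e["category"] == "auth" and e["outcome"] == "success"
                    and e["src_ip"] == a["src_ip"]
                    and a["last"] < e["ts"] <= a["last"] + window):
                findings.append({"severity": "high", "src_ip": a["src_ip"], "user": e["user"],
                                 "summary": "repeated logon failures followed by a successful logon"})
                break
    return findings


def run_pipeline(sources, threshold=3, window=timedelta(minutes=2)):
    """Stage 5: run all stages and return a report (thresholds are assumed values)."""
    events = [normalize(name, line) for name, line in collect(sources)]
    alerts = (rule_repeated_failures(events, "auth", threshold, window)
              + rule_repeated_failures(events, "network", 2, window))
    return {
        "events_collected": len(events),
        "events_by_category": dict(Counter(e["category"] for e in events)),
        "alerts": alerts,
        "findings": findings_with_recommendation(correlate(alerts, events, window)),
    }


def findings_with_recommendation(findings):
    """Attach a recommendation to each correlated finding for the report."""
    for f in findings:
        f["recommendation"] = "review the account and block the source address if unauthorized"
    return findings


if __name__ == "__main__":
    print(json.dumps(run_pipeline(SOURCES), default=str, indent=2))
```

Running the script prints the report: eight events were collected (three network, five auth), two rule alerts fired for the constructed address 203.0.113.7, and one high-severity finding was produced because the failures were followed by a successful logon for alice within the window. The point of the correlation stage is visible here: neither the firewall denies nor the failed logons alone say much, but combining them with the later success is what a reviewer wants to see first.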

Examples of the most popular SIEM systems that exist:

IBM QRadar Security.

Splunk.

LogRhythm.

RSA.

SolarWinds Log and Event Manager.