TOP 10 SIEM USE CASES -...

Preview:

Click to see full reader

Citation preview

Complexity in business means that enterprises are experiencing a number of challenges in both a business and a security-oriented context. Outlined below, are the top 10 SIEM use cases for security and business operations.

TOP 10SIEM USE CASES1. Authentication ActivitiesAbnormal authentication attempts, off hour authentication attempts etc, using data from Windows, Unix and any other authentication application.

4. Connections DetailsSuspicious behavior includes connection attempts on closed

5. Abnormal Administrative BehaviorMonitoring inactive accounts, accounts with unchanged passwords, abnormal account management activities etc, using data from AD account management related activities.

2. Shared AccountsMultiple sources (internal/external) creating session requests for a particular user account during a given time frame, using login data from sources like Windows, Unix etc.

3. Session ActivitiesSession duration, inactive sessions etc, using log in session related data specifically from Windows server.

ports, blocked internal connections, connection made to bad destinations etc, using data from firewalls, network devices or flow data. External sources can further be enriched to discover the domain name, country and geographical details.

6. Information TheftData exfiltration attempts, information leakage through emails etc, using data from mail servers, file sharing applications etc.

7. Vulnerability Scanning and CorrelationIdentification and correlation of security vulnerabilities detected by applications such as Qualys against other suspicious events.

8. Statistical AnalysisStatistical analysiscan be done to study the nature of data. Functions like average, median, quantile, etc. can be used. Numerical data from various sources can be used to monitor relations e.g. ratio of inbound to outbound bandwidth usage, data usage per application, comparison etc.

9. Intrusion Detection and InfectionsCan be performed by using data from IDS/IPS, antivirus, anti-malware applications etc.

10. System Change ActivitiesIs carried out by using data for changes in configurations, audit configuration changes, policy changes, policy violations etc.

TOP 10SIEM USE CASES

mailto:hwo@logpoint.com

Recommended

Netiq Siem(SIEM)
Documents
Top 10 Cases for 2014
Documents
Top 5 digital forensic court cases
Law
Actual Case of AP SOC Operational Excellence -  · Use Cases / Rules Standard rules, minimal tailoring Tailored/custom rules, based on risk management Tools SIEM tool HA SIEM, Workflow/Ticketing,
Documents
Top Ten Environmental Cases 2014/2015
Documents
Volantino Siem
Documents
LE TOP 10 DES CAS D’USAGE SIEM - MIEL · le top 10 des cas d’usage siem 9 rogèlqirupdwlrq 7 hqw dwlyhgèh[owudwlrqghgrqq«hv i xlwh gèlqirupdwlrqvsduhpdlovhwf hqxw lolvdqwghv
Documents
EIGHT STEPS TO MIGRATE YOUR SIEM - Exabeam€¦ · replacing a legacy SIEM with a modern SIEM. These considerations also apply to more specific use cases such as SIEM consolidation
Documents
Operationalizing Information Security: Top 10 SIEM
Documents
siem tirana
Documents
AHTS VS491 CD SIEM PEARL SIEM EMERALD SIEM SAPPHIRE SIEM ... · PDF fileThe vessel is a very large capacity Anchor Handling Tug Supply Vessel ... SIEM AHTS. Engine and
Documents
SIEM Architecture
Technology
SIEM HELIX 1 & 2 - Helix Energy Solutions Grouphelixesg.com/media/36686/Siem1Siem2.pdf · SIEM HELIX 1 SIEM HELIX 2 The Siem Helix 1 and Siem Helix 2 vessels are purpose designed
Documents
Top 10 Slim iPhone 7 Cases
Technology
Top 100 IoT Use Cases
Technology
SIEM Primer:
Technology
Benchmarking SIEM
Documents
CHOOSING THE RIGHT SIEM SOLUTION FOR YOUR NEEDS · SIEM solutions, in reality, are optimized for different use-cases and one size never fits all. In fact, the evolution of SIEM and
Documents
Top Security Orchestration Use Cases - eplus.com
Documents
ArcSight SIEM
Documents