2
Complexity in business means that enterprises are experiencing a number of challenges in both a business and a security-oriented context. Outlined below, are the top 10 SIEM use cases for security and business operaons. TOP 10 SIEM USE CASES 1. Authencaon Acvies Abnormal authencaon aempts, off hour authencaon aempts etc, using data from Windows, Unix and any other authencaon applicaon. 4. Connecons Details Suspicious behavior includes connecon aempts on closed 5. Abnormal Administrave Behavior Monitoring inacve accounts, accounts with unchanged passwords, abnormal account management acvies etc, using data from AD account management related acvies. 2. Shared Accounts Mulple sources (internal/external) creang session requests for a parcular user account during a given me frame, using login data from sources like Windows, Unix etc. 3. Session Acvies Session duraon, inacve sessions etc, using log in session related data specifically from Windows server. ports, blocked internal connecons, connecon made to bad desnaons etc, using data from firewalls, network devices or flow data. External sources can further be enriched to discover the domain name, country and geographical details.

TOP 10 SIEM USE CASES - configgroup.comconfiggroup.com/wp-content/.../12/Top-10-SIEM-cases-with-screen-d… · from IDS/IPS, antivirus, anti-malware applications etc. 10. System Change

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: TOP 10 SIEM USE CASES - configgroup.comconfiggroup.com/wp-content/.../12/Top-10-SIEM-cases-with-screen-d… · from IDS/IPS, antivirus, anti-malware applications etc. 10. System Change

Complexity in business means that enterprises are experiencing a number of challenges in both a business and a security-oriented context. Outlined below, are the top 10 SIEM use cases for security and business operations.

TOP 10SIEM USE CASES1. Authentication ActivitiesAbnormal authentication attempts, off hour authentication attempts etc, using data from Windows, Unix and any other authentication application.

4. Connections DetailsSuspicious behavior includes connection attempts on closed

5. Abnormal Administrative BehaviorMonitoring inactive accounts, accounts with unchanged passwords, abnormal account management activities etc, using data from AD account management related activities.

2. Shared AccountsMultiple sources (internal/external) creating session requests for a particular user account during a given time frame, using login data from sources like Windows, Unix etc.

3. Session ActivitiesSession duration, inactive sessions etc, using log in session related data specifically from Windows server.

ports, blocked internal connections, connection made to bad destinations etc, using data from firewalls, network devices or flow data. External sources can further be enriched to discover the domain name, country and geographical details.

Page 2: TOP 10 SIEM USE CASES - configgroup.comconfiggroup.com/wp-content/.../12/Top-10-SIEM-cases-with-screen-d… · from IDS/IPS, antivirus, anti-malware applications etc. 10. System Change

6. Information TheftData exfiltration attempts, information leakage through emails etc, using data from mail servers, file sharing applications etc.

7. Vulnerability Scanning and CorrelationIdentification and correlation of security vulnerabilities detected by applications such as Qualys against other suspicious events.

8. Statistical AnalysisStatistical analysiscan be done to study the nature of data. Functions like average, median, quantile, etc. can be used. Numerical data from various sources can be used to monitor relations e.g. ratio of inbound to outbound bandwidth usage, data usage per application, comparison etc.

9. Intrusion Detection and InfectionsCan be performed by using data from IDS/IPS, antivirus, anti-malware applications etc.

10. System Change ActivitiesIs carried out by using data for changes in configurations, audit configuration changes, policy changes, policy violations etc.

TOP 10SIEM USE CASES

mailto:[email protected]

SIEM eBook

SIEM eBook

Documents
ArcSight SIEM

ArcSight SIEM

Documents
EIGHT STEPS TO MIGRATE YOUR SIEM - Exabeam€¦ · replacing a legacy SIEM with a modern SIEM. These considerations also apply to more specific use cases such as SIEM consolidation

EIGHT STEPS TO MIGRATE YOUR SIEM - Exabeam€¦ · replacing a legacy SIEM with a modern SIEM. These considerations also apply to more specific use cases such as SIEM consolidation

Documents
Champagne SIEM on a Beer Budget - Amazon Web …solarwinds-marketing.s3.amazonaws.com/solarwinds/PDFs/SolarWinds... · Champagne SIEM on a Beer Budget ... Top 10 Rules by # of Rules

Champagne SIEM on a Beer Budget - Amazon Web …solarwinds-marketing.s3.amazonaws.com/solarwinds/PDFs/SolarWinds... · Champagne SIEM on a Beer Budget ... Top 10 Rules by # of Rules

Documents
Trustwave SIEM LP Software and SIEM Operations Edition ... … · Trustwave SIEM Software and SIEM Operations Edition Security Target 2 DOCUMENT INTRODUCTION Prepared By: Common Criteria

Trustwave SIEM LP Software and SIEM Operations Edition ... … · Trustwave SIEM Software and SIEM Operations Edition Security Target 2 DOCUMENT INTRODUCTION Prepared By: Common Criteria

Documents
Final edition of Top Ten Patent Cases; .. see Thank You p ... edition of Top Ten Patent Cases; .. see “Thank You” ... This is the final edition of Top Ten Patent Cases. ... Anatomy

Final edition of Top Ten Patent Cases; .. see Thank You p ... edition of Top Ten Patent Cases; .. see “Thank You” ... This is the final edition of Top Ten Patent Cases. ... Anatomy

Documents
SIEM HELIX 1 & 2 - Helix Energy Solutions Grouphelixesg.com/media/36686/Siem1Siem2.pdf · SIEM HELIX 1 SIEM HELIX 2 The Siem Helix 1 and Siem Helix 2 vessels are purpose designed

SIEM HELIX 1 & 2 - Helix Energy Solutions Grouphelixesg.com/media/36686/Siem1Siem2.pdf · SIEM HELIX 1 SIEM HELIX 2 The Siem Helix 1 and Siem Helix 2 vessels are purpose designed

Documents
Top 10 Cases for 2014

Top 10 Cases for 2014

Documents
Top Security Orchestration Use Cases - eplus.com

Top Security Orchestration Use Cases - eplus.com

Documents
AHTS VS491 CD SIEM PEARL SIEM EMERALD SIEM SAPPHIRE SIEM ... · PDF fileThe vessel is a very large capacity Anchor Handling Tug Supply Vessel ... SIEM AHTS. Engine and

AHTS VS491 CD SIEM PEARL SIEM EMERALD SIEM SAPPHIRE SIEM ... · PDF fileThe vessel is a very large capacity Anchor Handling Tug Supply Vessel ... SIEM AHTS. Engine and

Documents
SIEM Integration Guide - bomgar.com · BomgarSIEMToolPluginInstallationandAdministration TheSecurityInformationandEventManagement(SIEM)toolpluginforBomgarRemoteSupportenablestheprocessingand

SIEM Integration Guide - bomgar.com · BomgarSIEMToolPluginInstallationandAdministration TheSecurityInformationandEventManagement(SIEM)toolpluginforBomgarRemoteSupportenablestheprocessingand

Documents
LE TOP 10 DES CAS D’USAGE SIEM - MIEL · le top 10 des cas d’usage siem 9 rogèlqirupdwlrq 7 hqw dwlyhgèh[owudwlrqghgrqq«hv i xlwh gèlqirupdwlrqvsduhpdlovhwf hqxw lolvdqwghv

LE TOP 10 DES CAS D’USAGE SIEM - MIEL · le top 10 des cas d’usage siem 9 rogèlqirupdwlrq 7 hqw dwlyhgèh[owudwlrqghgrqq«hv i xlwh gèlqirupdwlrqvsduhpdlovhwf hqxw lolvdqwghv

Documents
Splunk Siem

Splunk Siem

Documents
Top 10 Use Cases of Alfresco

Top 10 Use Cases of Alfresco

Technology
Top Ten Environmental Cases 2014/2015

Top Ten Environmental Cases 2014/2015

Documents
2018 - Siem Offshore · SIEM OFFSHORE INC. ANNUAL REPORT 2018 3. VESSELS IN THE FLEET Platform Supply Vessels (PSV) Siem Pride Siem Symphony Siem Atlas Siem Giant Siem Hanne Siem

2018 - Siem Offshore · SIEM OFFSHORE INC. ANNUAL REPORT 2018 3. VESSELS IN THE FLEET Platform Supply Vessels (PSV) Siem Pride Siem Symphony Siem Atlas Siem Giant Siem Hanne Siem

Documents
SIEM Architecture

SIEM Architecture

Technology
The CorreLog Approach to SIEM - ww1.prweb.comww1.prweb.com/.../CorreLog_SIEM_Server_Brochure.pdf · the CorreLog SIEM or a number of other SIEM systems. CorreLog’s SIEM Agent has

The CorreLog Approach to SIEM - ww1.prweb.comww1.prweb.com/.../CorreLog_SIEM_Server_Brochure.pdf · the CorreLog SIEM or a number of other SIEM systems. CorreLog’s SIEM Agent has

Documents
siem tirana

siem tirana

Documents
Brake cylinder protection Side cases Top cases KAWASAKI

Brake cylinder protection Side cases Top cases KAWASAKI

Documents
Top 5 digital forensic court cases

Top 5 digital forensic court cases

Law
Volantino Siem

Volantino Siem

Documents
Top Ten Planning Cases 2014-2015

Top Ten Planning Cases 2014-2015

Documents
Actual Case of AP SOC Operational Excellence -  · Use Cases / Rules Standard rules, minimal tailoring Tailored/custom rules, based on risk management Tools SIEM tool HA SIEM, Workflow/Ticketing,

Actual Case of AP SOC Operational Excellence -  · Use Cases / Rules Standard rules, minimal tailoring Tailored/custom rules, based on risk management Tools SIEM tool HA SIEM, Workflow/Ticketing,

Documents
Top 5 SIEM Trends

Top 5 SIEM Trends

Documents
Top 10 Slim iPhone 7 Cases

Top 10 Slim iPhone 7 Cases

Technology
SIEM INDUSTRIES

SIEM INDUSTRIES

Documents
SIEM Use Cases - Final - Paladion PDF/SIEM Use Cases.pdf · Paladion is a global cyber defense company that provides Managed Detection and Response Services, DevOps Security, Cyber

SIEM Use Cases - Final - Paladion PDF/SIEM Use Cases.pdf · Paladion is a global cyber defense company that provides Managed Detection and Response Services, DevOps Security, Cyber

Documents
Top Ten: BigData - ECommerce Use Cases

Top Ten: BigData - ECommerce Use Cases

Data & Analytics
SIEM evolution

SIEM evolution

Technology