Time
57 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:01
Welcome to Module One: What is a SIEM?
00:05
In this video, you will learn about what a SIEM is and what SIEM tools are commonly used for. If you don't know, you're in the right place.
00:14
Before we begin, a pre-assessment question:
00:17
True or false: a SIEM is only used to monitor network traffic.
00:23
If you answered false, you were correct. A SIEM can be used for a variety of things. Let's jump in and see what
00:32
a SIEM is: a security information and event management tool. This is a tool that helps us to monitor our network traffic and provide real-time analysis of security alerts produced by the applications, and is critical to the monitoring and continuous improvement of security.
00:47
It is usually comprised of different types of smaller tools. A log management system, for instance, would collect log data from various systems and applications like workstations, firewalls, servers, et cetera.
00:59
A security event manager will focus on real-time logs gathered by security and network devices in order to correlate security events.
01:07
A security event correlation will examine patterns in log files and flag potential threats,
01:12
and a combination of these tools can make up the SIEM, which centralizes storage and analysis of not only traffic but many different log types.
01:22
So why do I need a SIEM?
01:23
A SIEM is a helpful tool in many sizes and types of environments. It can allow for a lateral or bird's-eye view of IT activity, which will generally organize logs and information into a heterogeneous view so that many different sources of information can be managed and seen at once.
01:41
It can also normalize activity to readable data and match it to certain specifications that a user or even vendor have defined
01:49
in order to make it more easily understood.
01:51
In case of an attack, it can help to run analysis on what data was breached or potentially compromised.
01:57
It can also easily set rules or parameters in order to block further attacks.
02:04
When you have applications running, they will generate data as they function. This data will be forwarded to a SIEM via a collector or forwarder in different formats.
02:13
The SIEM then aggregates and consolidates input and formats data into actionable output.
02:17
Users can use the SIEM to take these raw logs of data and display and filter any specific information you do or don't want shown.
02:25
This allows for an easier to understand dashboard of important information.
02:30
Once filtered, analysis and correlation can be performed by our teams.
02:34
As a note, these applications generate so much data that it would be overwhelming if all of it were to be interpreted. This is why SIEM tools are not only important but necessary in larger organizations with more applications and data.
02:47
In today's brief lecture, we discussed what a SIEM is and how it might be used,
02:53
common uses for a SIEM tool in organizations of all different sizes, and why SIEM tools are helpful in organizing data pulled from logs.

Up Next

Introduction to SIEM Tools

In this SIEM training course, you will learn the basics of a Security Information Event Manager (SIEM) and how and why these are used in a SOC.

Instructed By

Gabrielle Hempel
Instructor