4.1 Common Examples of SIEM Tools


Time
1 hour 27 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
Welcome to Module 3, Common SIEM Tools.
00:06
In the last video, we discussed how to use common SIEM tools and then went through a few labs detailing manual vulnerability assessment and log analysis.
00:14
In this video, we'll go over some common examples of SIEM tools you might encounter in the industry.
00:20
Now for your pre-assessment question, true or false: there's only one main vendor that offers SIEM tools.
00:27
The answer is false. There are many vendors that offer SIEM tools. Let's dive in and take a look.
00:32
First we have Splunk. Splunk offers an analytics-driven SIEM.
00:37
It's one of the most popular choices, especially in the financial, public sector and healthcare industries. They're most well known for their Enterprise Security program, which uses an API to analyze logs.
00:47
Since this was released, *** has also developed specific programs to target ransomware and threats.
00:53
One of the unique things about *** is the query language that needs to be used in order to find and filter items.
00:59
As you can see here, Splunk offers a high-level view of operations and security and even breaks down items into sections for application delivery,
00:00
business analytics and connected devices that are part of the Internet of Things.
01:12
Rapid7 offers a SIEM product called InsightIDR.
01:17
This is not only meant to detect threats and breaches, but to analyze the user behavior behind these occurrences.
01:22
The program has built-in behavior analytics and deception technology, as well as centralized logging, common in most of these SIEM products we will discuss.
01:32
Here's a screenshot of the InsightIDR dashboard. You can see a high-level view of users, events monitored, notable behaviors, endpoints, et cetera.
01:40
You can also use this view to monitor honeypots that are set and create a watch list of users for a certain span of time.
01:48
Finally, there's a map where you can visually analyze alerts.
01:52
Next, we have Graylog.
01:53
Graylog is a unique platform with a focus on log management.
01:57
There are only two offerings, both an open-source and an enterprise version.
02:00
They advertise a special storage and retrieval model, making it very fast and with lower storage costs.
02:07
Here's what Graylog looks like.
02:08
You can see what alerts happened most often, visualize alert sources on a map, and also create charts of alert and attack sources. The Graylog dash is much less busy than many of the others in the industry.
02:21
AlienVault recently joined with AT&T and is now called AT&T Security.
02:24
The AlienVault offering boasts threat detection, incident response and compliance in a single offering.
02:31
Their big selling point is everything being available on one platform. They also speak a lot to being aligned with the NIST Cybersecurity Framework.
02:39
Here's AlienVault's.
02:42
Again, you can sort by alarms, data sources, intent, et cetera.
02:46
Something unique here is that you can look at the events trend, and you also have a top-down view of included operating systems.
02:53
Elastic is a big offering of varied services that allow you to augment existing programs and essentially build a custom SIEM.
03:00
They also boast logging, metrics, site search, APM, app search and a variety of other offerings that can be integrated into your SIEM.
03:09
Here's an example of Elastic,
03:12
very similar to some of the others, but two interesting fields are the tag cloud field, with the most common phrases enlarged, and the top executed commands chart. It's always good to know what admin commands are being used in the environment.
03:25
LogRhythm's offering is called the NextGen SIEM Platform.
03:30
They've crafted a threat lifecycle management methodology that aids members of the SOC in their roles in incident response.
03:36
They also offer add-ons that support cloud specifically, network devices and sensor devices.
03:44
LogRhythm has a sci-fi kind of looking dashboard with top classifications, events, applications, hosts, source types, et cetera.
03:54
QRadar is IBM's offering for SIEM solutions. They boast real-time threat detection and elimination of manual tasks.
04:02
The software correlates related activities for the SOC user and prioritizes them based on threat.
04:10
Here's QRadar's dashboard. It goes into severe offenses, auth failures by user, high-risk users, sources, et cetera.
04:18
There are also tabs specifically for logging, network activity, assets,
04:23
user analytics and other features.
04:26
Last but not least, we have ArcSight.
04:29
ArcSight was developed by Micro Focus as a SIEM offering. They pride themselves on community-driven security content, which means that up-to-date threat information is always available.
04:39
They also boast separate solutions for investigating further into threats and vulnerabilities.
04:46
ArcSight has a more classic log-type dashboard. This is the event center,
04:49
where you can visualize events and break them down further into a comprehensive list.
04:58
In today's brief lecture, we discussed different vendor offerings for SIEM tools and examples of each.
05:04
And next, we have a lab with a walkthrough of how to create SIEM reports with ***.
05:10
Thanks for attending today's lecture and see you in the next one.