Week 4 Posting - SIEM
A SIEM is a system whose goal is to collect and centralize information from multiple systems to give a "heartbeat", or overall status, of the network and its security posture. When a security information and event management (SIEM) system is set up, the data should always flow one way, as UDP traffic from the monitored systems to the SIEM; if the SIEM had direct access to each system, a product designed to protect the network could itself become a whole new security vulnerability. A SIEM takes multiple input sources and data types depending on the centralized system. Some of the protocols and formats used are Syslog, SNMP, NetFlow, Windows Event Log and the Common Event Format (CEF).
Any company that uses multiple systems that are hard to keep track of or keep eyes on should implement a SIEM. From basic network load to servers that are pegged by a DDoS attack, a SIEM helps administrators see more of what is happening in a domain.
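As an added example (not part of the original post), here is a small Python collector stage that does what the post describes for one of the listed formats: it parses Syslog-transported CEF events, handling CEF escape sequences and the syslog PRI field, and then runs a simple correlation rule over the feed. The firewall name, vendor, product and log lines are constructed sample data, not from a real device.

```python
import re
from collections import Counter
# Constructed sample feed (hypothetical firewall "fw01", not a real device):
# RFC 3164 syslog header "<PRI>timestamp host", then the CEF body.
SAMPLE_LINES = [
    "<134>May  1 12:00:01 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Connection blocked|5|src=10.0.0.5 dst=203.0.113.9 dpt=445 act=deny msg=Blocked SMB\\=outbound",
    "<134>May  1 12:00:02 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Connection blocked|5|src=10.0.0.5 dst=203.0.113.9 dpt=3389 act=deny",
    "<134>May  1 12:00:03 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|101|Connection allowed|1|src=10.0.0.7 dst=198.51.100.4 dpt=443 act=allow",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
EXT_KEY_RE = re.compile(r"(?:^|\s)(\w+)=")  # an unescaped 'key=' starts an extension field
def _unescape(s):
    # CEF escapes: '\\' -> '\', '\|' -> '|', '\=' -> '=', '\n' -> newline
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), s)

def split_cef(body):
    # Split 'Version|Vendor|Product|DevVersion|SigID|Name|Severity|extension' on unescaped pipes.
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body):   # keep the escaped char, drop the backslash
            cur.append(body[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    if len(fields) != 7: raise ValueError("malformed CEF header")
    return fields, body[i:]

def parse_extension(ext):
    keys = list(EXT_KEY_RE.finditer(ext))
    ends = [k.start() for k in keys[1:]] + [len(ext)]
    return {k.group(1): _unescape(ext[k.end():end]).strip() for k, end in zip(keys, ends)}

def parse_event(line):
    # Normalize one syslog-transported CEF line into a flat event dict.
    m = PRI_RE.match(line)
    if not m or "CEF:" not in m.group(2): raise ValueError("not a syslog CEF line")
    facility, sev = divmod(int(m.group(1)), 8)  # syslog PRI = facility*8 + severity
    hdr, ext = split_cef(m.group(2).split("CEF:", 1)[1])
    event = {"syslog_facility": facility, "syslog_severity": sev, "vendor": hdr[1],
             "product": hdr[2], "signature_id": hdr[4], "name": hdr[5], "cef_severity": int(hdr[6])}
    event.update(parse_extension(ext))
    return event

def denied_per_source(lines, min_count=2):
    # Correlation rule: sources with at least min_count denied connections in the feed.
    c = Counter(e["src"] for e in map(parse_event, lines) if e.get("act") == "deny")
    return {src: n for src, n in c.items() if n >= min_count}
```

Calling `denied_per_source(SAMPLE_LINES)` on the constructed feed flags `10.0.0.5`, which is the kind of cross-event view a single firewall log line cannot give on its own.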