From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring


Correlating security event information


- [Narrator] You already know that log files are an important security control. They allow IT professionals to detect suspicious activity taking place on their systems, networks, and applications. However, if you're like most of us in the security field, you simply don't have the time to do a thorough job of reviewing those logs. There are simply far too many log entries generated by systems each day. And trudging through them would be tedious, mind-numbing work. Fortunately, computers are very good at tedious work. And most organizations now go beyond the simple reporting and alerting mechanisms of years past, and apply artificial intelligence approaches to the problem of security log analysis. Security Information and Event Management, or SIEM systems, have two major functions on an enterprise network. First, they act as a central, secure collection point for log entries. Administrators configure all of their systems,…
