From the course: Network Forensics


Splunk


- [Instructor] Security information and event management, or SIEM, systems like Splunk collect and analyze network forensics data generated by many sources including intrusion detection systems or IDSs, intrusion prevention systems or IPSs, and vulnerability management systems. SIEM focuses on monitoring, logging, and analyzing network security events in real time. The ultimate goal of SIEM is to alert human operators when suspicious or anomalous activities are detected. The main difference between SIEM and systems such as IDSs, IPSs, and vulnerability management systems is that SIEM is much more capable of managing network security data and tracing network events in terms of its scope and capacity. SIEM also provides a much more comprehensive and holistic view of your network beyond specific intrusion attempts or known vulnerabilities by leveraging IDS, IPS, and vulnerability management system data and correlating them. Due to the recent advances in data science, SIEM systems are…
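The correlation the instructor describes, shown as an added Python illustration (not the course's material and not Splunk's own search language): IDS alerts are enriched with what the IPS blocked and what the vulnerability scanner reports, and only the events worth a human's attention are escalated. All hosts, signature names and timestamps are constructed for the example.

```python
from collections import defaultdict

# Constructed sample records (made up for this example): the kinds of data a SIEM ingests.
IDS_ALERTS = [  # what the intrusion detection system saw
    {"src": "203.0.113.7", "dst": "10.0.0.5", "sig": "SMB-EXPLOIT-ATTEMPT", "ts": 100},
    {"src": "203.0.113.7", "dst": "10.0.0.9", "sig": "SMB-EXPLOIT-ATTEMPT", "ts": 105},
    {"src": "198.51.100.2", "dst": "10.0.0.5", "sig": "PORT-SCAN", "ts": 110},
]
IPS_BLOCKS = [  # what the intrusion prevention system actually stopped
    {"src": "203.0.113.7", "dst": "10.0.0.9", "sig": "SMB-EXPLOIT-ATTEMPT", "ts": 105},
]
VULN_SCAN = {  # vulnerability management output: host -> signatures it is known exposed to
    "10.0.0.5": {"SMB-EXPLOIT-ATTEMPT"},
    "10.0.0.9": set(),
}


def correlate(ids_alerts, ips_blocks, vuln_scan):
    """Enrich each IDS alert with IPS and scan context and assign a severity:
    critical = reached a host the scanner says is exposed to that signature,
    low = the IPS already blocked it (kept for the timeline), medium = everything else."""
    blocked = {(b["src"], b["dst"], b["sig"], b["ts"]) for b in ips_blocks}
    enriched = []
    for a in ids_alerts:
        key = (a["src"], a["dst"], a["sig"], a["ts"])
        was_blocked = key in blocked
        exposed = a["sig"] in vuln_scan.get(a["dst"], set())
        if was_blocked:
            severity = "low"
        elif exposed:
            severity = "critical"
        else:
            severity = "medium"
        enriched.append({**a, "blocked": was_blocked, "exposed": exposed, "severity": severity})
    return enriched


def hosts_touched_per_source(ids_alerts):
    """Cross-event view no single sensor gives: how many distinct hosts each source hit."""
    seen = defaultdict(set)
    for a in ids_alerts:
        seen[a["src"]].add(a["dst"])
    return {src: len(dsts) for src, dsts in seen.items()}


def operator_alerts(ids_alerts, ips_blocks, vuln_scan, min_hosts=2):
    """What gets escalated to a human: critical events plus sources sweeping several hosts."""
    critical = [e for e in correlate(ids_alerts, ips_blocks, vuln_scan) if e["severity"] == "critical"]
    sweepers = [s for s, n in hosts_touched_per_source(ids_alerts).items() if n >= min_hosts]
    return {"critical": critical, "sweeping_sources": sweepers}
```

The second exploit attempt is downgraded only because the IPS log confirms it was blocked; without that cross-source join the IDS alone would report two equally urgent events.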
