Security Monitoring using SIEM null bangalore meet april 2015
Security Monitoring using SIEM
By: Rishabh Gupta
Email: ims2012074@gmail.com
Blog: book4securitymonitoring@blogspot.com

Flow of the presentation
• What is Log file?
• What is Event?
• What is security monitoring?
• SIEM Architecture

What is Log file?

What is Event?

Each line in the above log describes an event

What is Monitoring?

What is Security Monitoring?

What kind of rule do we write in SIEM?
• In SIEM we write correlation rules
• For example, suppose X is Event 1 and Y is Event 2. Then we write rules like:
  Rule 1: If X is generated after Y within 2 minutes then generate SIEM alert Z
  Rule 2: If X is generated 10 times within 1 minute then generate SIEM alert B

How do we write a rule?
We try to understand the pattern of different attacks and then try to convert it into rules

Different patterns of attacks

Gartner 2012, 2013, 2014 Magic Quadrant for SIEM Vendors

SIEM Architecture

Splunk Architecture

ArcSight Architecture

AlienVault Architecture

QRadar Architecture

Elements which are normally present in almost every attack scenario

SIEM presents the complete detail of the attack scenario
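The two correlation rules on the "What kind of rule do we write in SIEM" slide (Rule 1: X after Y within 2 minutes raises alert Z; Rule 2: ten X events within 1 minute raises alert B) are the sequence and threshold rule types that every SIEM engine implements. The following Python is an added example written for this page, not code from the presentation or from any SIEM product. It assumes events arrive as (timestamp, event-name) pairs, that one Y pairs with at most one X for Rule 1, and that the threshold counter resets after it fires so one burst produces one alert; the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, event name), not taken from the slides.
# Y = "Event 2", X = "Event 1", following the slide's naming.
SAMPLE_EVENTS = [
    ("2015-04-18 10:00:00", "Y"),
    ("2015-04-18 10:01:30", "X"),   # 90 s after Y  -> Rule 1 fires (alert Z)
    ("2015-04-18 10:05:00", "Y"),
    ("2015-04-18 10:08:00", "X"),   # 180 s after Y -> outside the 2-minute window
] + [
    # ten X events spaced 5 s apart (10:10:00 .. 10:10:45) -> Rule 2 fires (alert B)
    ("2015-04-18 10:10:%02d" % (i * 5), "X") for i in range(10)
]


class SequenceRule:
    """Rule 1: if `second` is seen after `first` within `window`, raise `alert`."""

    def __init__(self, first, second, window, alert):
        self.first, self.second, self.window, self.alert = first, second, window, alert
        self._last_first = None          # timestamp of the most recent `first` event

    def feed(self, ts, name):
        if name == self.first:
            self._last_first = ts
            return None
        if name == self.second and self._last_first is not None:
            gap = ts - self._last_first
            if timedelta(0) <= gap <= self.window:
                self._last_first = None  # assumption: one `first` pairs with one `second`
                return (ts, self.alert, "%s seen %ds after %s" % (name, gap.total_seconds(), self.first))
        return None


class ThresholdRule:
    """Rule 2: if `name` occurs `count` times within a sliding `window`, raise `alert`."""

    def __init__(self, name, count, window, alert):
        self.name, self.count, self.window, self.alert = name, count, window, alert
        self._times = deque()            # timestamps of matching events inside the window

    def feed(self, ts, name):
        if name != self.name:
            return None
        self._times.append(ts)
        while self._times and ts - self._times[0] > self.window:
            self._times.popleft()        # drop events that fell out of the window
        if len(self._times) >= self.count:
            self._times.clear()          # assumption: reset so one burst yields one alert
            return (ts, self.alert, "%d x %s within %ds" % (self.count, name, self.window.total_seconds()))
        return None


def correlate(raw_events, rules):
    """Replay events in time order through every rule; return the alerts raised."""
    events = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), name) for ts, name in raw_events)
    alerts = []
    for ts, name in events:
        for rule in rules:
            hit = rule.feed(ts, name)
            if hit is not None:
                alerts.append(hit)
    return alerts


def run_sample():
    """Apply the slide's Rule 1 and Rule 2 to the constructed events."""
    rules = [
        SequenceRule("Y", "X", timedelta(minutes=2), "Z"),
        ThresholdRule("X", 10, timedelta(minutes=1), "B"),
    ]
    return correlate(SAMPLE_EVENTS, rules)


if __name__ == "__main__":
    for ts, alert, reason in run_sample():
        print(ts, alert, reason)
```

Feeding events through the rules one at a time is how a real SIEM works on streaming input; the only state each rule keeps is the last Y timestamp (Rule 1) and the timestamps still inside the one-minute window (Rule 2), so memory stays bounded no matter how many events pass through. The X at 10:08:00 shows why the window matters: without it, every X after any Y would page the analyst.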