Date posted: 20-Jul-2015
Category: Technology
Uploaded by: nu-the-open-security-community
Security Monitoring using SIEM
By: Rishabh Gupta. Email: [email protected]
Flow of the presentation
• What is a log file?
• What is an event?
• What is security monitoring?
• SIEM architecture
What kind of rules do we write in SIEM?
• In SIEM we write correlation rules
• For example, suppose X is Event 1 and Y is Event 2.
Then we write rules like:
Rule 1: If X is generated after Y within 2 minutes, then generate SIEM alert Z
Rule 2: If X is generated 10 times within 1 minute, then generate SIEM alert B
How do we write a rule?
We try to understand the pattern of different attacks and then convert that pattern into rules.
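The two rule shapes above (a sequence rule and a threshold rule) as a small correlation engine, added here as an example and not code from the presentation; the event stream, host names and the `correlate` function are constructed for illustration, with Rule 1 tracked per host and Rule 2 evaluated over a sliding one-minute window.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, event type, host); assumed to be time-ordered.
SAMPLE_EVENTS = [
    ("2015-07-20 10:00:00", "Y", "srv1"),
    ("2015-07-20 10:01:30", "X", "srv1"),  # X 90 s after Y -> Rule 1 fires alert Z
    ("2015-07-20 10:05:00", "Y", "srv2"),
    ("2015-07-20 10:08:00", "X", "srv2"),  # X 180 s after Y -> outside 2-minute window
] + [("2015-07-20 10:10:%02d" % (s * 5), "X", "srv3") for s in range(10)]  # 10 X in 45 s


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def correlate(events, seq_window=timedelta(minutes=2),
              threshold=10, thr_window=timedelta(minutes=1)):
    """Return alerts as (alert_name, host, timestamp) tuples."""
    last_y = {}                    # Rule 1 state: host -> time of most recent Y
    x_times = defaultdict(deque)   # Rule 2 state: host -> recent X timestamps
    alerts = []
    for ts_str, etype, host in events:
        ts = parse_ts(ts_str)
        if etype == "Y":
            last_y[host] = ts
        elif etype == "X":
            # Rule 1: X generated after Y within 2 minutes -> SIEM alert Z
            if host in last_y and timedelta(0) <= ts - last_y[host] <= seq_window:
                alerts.append(("Z", host, ts_str))
                del last_y[host]   # consume the Y so one Y yields at most one Z
            # Rule 2: X generated 10 times within 1 minute -> SIEM alert B
            window = x_times[host]
            window.append(ts)
            while ts - window[0] > thr_window:   # drop X events older than the window
                window.popleft()
            if len(window) >= threshold:
                alerts.append(("B", host, ts_str))
                window.clear()     # reset so one burst raises one alert, not one per extra X
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```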