/Capabilities
Event
Analisys
Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
Log
Correlation
Looks for common attributes, and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information.
Alerting
Monitoring
The automated monitoring analysis of correlated events. Alerts is typically a function of the Security Event Management portion of a full SIEM solution.
Dashboards
KPIs
Tools can take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.
Compliance
Data
Employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long term log data retention is critical in discovery.
Incident
Response
The ability to search across logs on different nodes and time periods based on specific criteria. This mitigates having to aggregate log information in your head or having to search through thousands and thousands of logs.
/Articles
Douglas Bernardini
Cybersecurity Specialist & Cloud Computing Expert with +10 years experience in IT infrastructure.
Specialist delivering assets for development teams in Google Cloud Platform (GCP) and Amazon web services (AWS)
Hands-on cloud security enterprise architect, with experience in SIEM/SOC, IAM, cryptography, pentest, network topologies, operating systems, databases, and applications.
Experience in DevSecOps analysis to discover vulnerabilities in software, identifying CI/CD risks gaps and recommending secure-coding process (S-SDLC).
Certs
