Security Monitoring using SIEM (null Bangalore meet, April 2015)
TRANSCRIPT
Security Monitoring using SIEM
By: Rishabh Gupta
Email: [email protected], [email protected]
Flow of the presentation
• What is a log file?
• What is an event?
• What is security monitoring?
• SIEM Architecture
What kind of rules do we write in a SIEM?
• In a SIEM we write correlation rules
• For example, suppose X is event 1 and Y is event 2.
Then we write rules like:
Rule 1: If X is generated after Y within 2 minutes, then generate SIEM alert Z
Rule 2: If X is generated 10 times within 1 minute, then generate SIEM alert B
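The two rule shapes above (a sequence rule and a threshold rule) are easy to see in code. The following is an added example, not part of the original slides or any particular SIEM product: a toy correlation engine that replays a list of parsed events through both rules. The event schema (`ts`, `event`, `host`) and the choice to correlate per host are assumptions made for the example, and the events themselves are constructed sample data.

```python
"""Toy SIEM correlation engine illustrating the two rule shapes from the slides."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events (made up for this example, not from the slides).
# "event" is the normalised event name (X / Y as in the slides); "host" is the
# field the rules group on, which is an assumption about the log schema.
SAMPLE_EVENTS = [
    {"ts": "2015-04-18 10:00:00", "event": "Y", "host": "web01"},
    {"ts": "2015-04-18 10:01:30", "event": "X", "host": "web01"},  # X 90 s after Y: alert Z
    {"ts": "2015-04-18 10:05:00", "event": "Y", "host": "web02"},
    {"ts": "2015-04-18 10:08:00", "event": "X", "host": "web02"},  # X 3 min after Y: no alert
] + [
    # ten X events on web03 within 36 seconds: alert B
    {"ts": f"2015-04-18 10:10:{4 * i:02d}", "event": "X", "host": "web03"}
    for i in range(10)
]


def parse_ts(text):
    return datetime.strptime(text, TS_FORMAT)


class SequenceRule:
    """Rule 1: `second` seen after `first` on the same key within `window` -> `alert`."""

    def __init__(self, first, second, window, alert):
        self.first, self.second, self.window, self.alert = first, second, window, alert
        self.last_first = {}  # key -> datetime of the most recent `first` event

    def feed(self, ev, ts, key):
        if ev["event"] == self.first:
            self.last_first[key] = ts
        elif ev["event"] == self.second:
            t0 = self.last_first.get(key)
            if t0 is not None and ts - t0 <= self.window:
                del self.last_first[key]  # consume the pair so it alerts only once
                return {"alert": self.alert, "key": key, "ts": ev["ts"]}
        return None


class ThresholdRule:
    """Rule 2: `event` seen `count` times on the same key within `window` -> `alert`."""

    def __init__(self, event, count, window, alert):
        self.event, self.count, self.window, self.alert = event, count, window, alert
        self.history = defaultdict(deque)  # key -> timestamps inside the sliding window

    def feed(self, ev, ts, key):
        if ev["event"] != self.event:
            return None
        window = self.history[key]
        window.append(ts)
        while ts - window[0] > self.window:  # drop timestamps that fell out of the window
            window.popleft()
        if len(window) >= self.count:
            window.clear()  # reset so one burst raises one alert, not one per extra event
            return {"alert": self.alert, "key": key, "ts": ev["ts"]}
        return None


def correlate(events, rules, key_field="host"):
    """Replay events in time order through every rule and collect the alerts."""
    alerts = []
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        ts = parse_ts(ev["ts"])
        for rule in rules:
            alert = rule.feed(ev, ts, ev[key_field])
            if alert:
                alerts.append(alert)
    return alerts


def demo():
    rules = [
        SequenceRule(first="Y", second="X", window=timedelta(minutes=2), alert="Z"),
        ThresholdRule(event="X", count=10, window=timedelta(minutes=1), alert="B"),
    ]
    return correlate(SAMPLE_EVENTS, rules)


if __name__ == "__main__":
    for a in demo():
        print(a)
```

Running `demo()` yields exactly two alerts: Z for web01 (X followed Y inside the 2-minute window) and B for web03 (ten X events inside one minute). The web02 pair is silent because the gap is 3 minutes, which is the kind of boundary case a rule should be checked against before it goes live. Grouping by host is what keeps a Y on one machine from being matched with an X on another; in a real SIEM the grouping key would be whichever field (user, source IP, session) the attack pattern actually ties together.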
How do we write a rule?
We study the patterns of different attacks and then convert those patterns into rules