Event correlation: This involves analyzing relationships between the collected events to identify the pattern of events.This allows analysts to run queries across collected events for better and quicker analysis. Event normalization: The attributes of the collected logs are extracted and stored in the common data fields hat define an event such as IP addresses, hostnames, usernames, interfac- names, ports, programs etc.
Event collection: AlienVault has the ability to collect logs from various sources in your environment, host servers and systems, applications running on servers, network devices, such as firewalls and routers, name them endpoints in your environment.What crosses your mind when we talk about event collection, normalization and correlation? Let us put this in black and white: It comes enriched with features like event collection, normalization and correlation. AlienVault OSSIM is the open source version of AlienVault SIEM. Well, AlienVault is one of the leading SIEM solutions. If you are a Blue Team security analyst, in one way or another you must have heard of or interact with not one, not two SIEM (Security Information and Event Management) solutions. Basic Configuration for AlienVault OSSIM Integrating with Sophos UTM
0 kommentar(er)
