SIEM data collecting
Gjorg19
Hi all,
I'm fairly new in the world of cyber security and new to this forum, and I could use some professional help regarding SIEM. After doing some research I've read that SIEM uses agents for log aggregation. If I'm not mistaken, this is the case for systems with an OS, like computers and servers. My question is, how does SIEM collect data from network devices such as switches, routers and firewalls? How does SIEM communicate with these devices?
Tags: cybersecurity tools, siem configuration, soc
Comments
SteveLavoie
Often, SNMP and syslog are used to collect data from network devices.
JDMurray
SIEM does not actively collect event information from devices (i.e., polling). Instead, all networked devices are configured to send their event information (e.g., syslog, NetFlow, SNMP traps, etc.) to centralized collection systems. A SIEM then reads this collected data, de-duplicates, indexes, and correlates events to create information about device and network state at specific points in time. A SIEM analyst can then run searches manually on the SIEM to find events, or have SIEM rules automatically detect specific event conditions and trigger SIEM alerts at their presence.
Some monitoring systems, such as SNMP management stations, can actively poll devices to collect snapshots of information at the current time (i.e., reconnaissance). This information can also be stored and imported by a SIEM for processing.
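The two replies above describe a push model: devices emit syslog (or SNMP traps, NetFlow) to a collector, and the SIEM then parses, de-duplicates, indexes and correlates what was collected. The following is an added example, not code from the thread or from any SIEM product, showing that pipeline in miniature for syslog: a UDP receiver that devices could be pointed at, a parser for BSD-style (RFC 3164) syslog lines, exact-duplicate suppression, a per-device index, and one correlation rule that alerts when a firewall has denied the same source reaching several distinct ports on one destination. The device names, IP addresses and log lines are constructed for the example; the message formats imitate common Cisco ASA/IOS styles but the rule thresholds and field names are the example's own assumptions.

```python
"""Added example (not from the forum thread): a minimal syslog collection and
correlation pipeline of the kind the replies describe. Devices push syslog
over UDP/514 to a collector; the collector parses, de-duplicates and indexes
events, and a correlation rule turns groups of events into an alert."""
import re
import socket
from collections import defaultdict

# Constructed sample lines in the BSD/RFC 3164 style that switches, routers and
# firewalls commonly emit. Hostnames and IPs are made up; line 3 is a deliberate
# duplicate of line 2 to exercise de-duplication.
SAMPLE_LINES = [
    "<189>Jan 12 10:01:02 fw-edge-01 %ASA-5-111008: User 'admin' executed the 'show run' command.",
    "<188>Jan 12 10:01:05 fw-edge-01 %ASA-4-106023: Deny tcp src outside:203.0.113.7/4411 dst inside:10.0.0.5/22",
    "<188>Jan 12 10:01:05 fw-edge-01 %ASA-4-106023: Deny tcp src outside:203.0.113.7/4411 dst inside:10.0.0.5/22",
    "<188>Jan 12 10:01:06 fw-edge-01 %ASA-4-106023: Deny tcp src outside:203.0.113.7/4412 dst inside:10.0.0.5/23",
    "<188>Jan 12 10:01:07 fw-edge-01 %ASA-4-106023: Deny tcp src outside:203.0.113.7/4413 dst inside:10.0.0.5/3389",
    "<190>Jan 12 10:01:09 sw-core-01 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/24, changed state to down",
    "<190>Jan 12 10:01:10 rtr-wan-01 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.9]",
]

# <PRI>MMM DD hh:mm:ss HOST MESSAGE  (PRI = facility * 8 + severity)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)
# Firewall deny line: "Deny tcp src <zone>:<ip>/<port> dst <zone>:<ip>/<port>"
DENY_RE = re.compile(
    r"Deny \w+ src \S+?:(?P<src>[\d.]+)/\d+ dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def receive_udp(port=514, max_messages=100, bind_addr="0.0.0.0"):
    """Yield raw syslog lines pushed by devices over UDP. This is the collector
    side of the push model; binding port 514 normally requires privileges, so a
    lab setup would use a high port and point the devices at it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        for _ in range(max_messages):
            data, _peer = sock.recvfrom(4096)
            yield data.decode("utf-8", errors="replace").rstrip("\r\n")


def parse_syslog(line):
    """Split one RFC 3164 line into facility, severity, timestamp, host, message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "msg": m.group("msg"),
        "raw": line,
    }


def collect(lines):
    """De-duplicate exact repeats and index parsed events by sending device.
    Lines that do not parse are kept under '_unparsed' rather than dropped."""
    seen = set()
    index = defaultdict(list)
    for line in lines:
        if line in seen:
            continue
        seen.add(line)
        event = parse_syslog(line)
        if event is None:
            index["_unparsed"].append(line)
        else:
            index[event["host"]].append(event)
    return index


def detect_port_sweep(index, threshold=3):
    """Correlation rule (example's own): alert when one source has been denied
    access to at least `threshold` distinct ports on the same destination, as
    seen by one firewall. Returns a list of alert dicts."""
    ports = defaultdict(set)
    for host, events in index.items():
        if host == "_unparsed":
            continue
        for event in events:
            m = DENY_RE.search(event["msg"])
            if m:
                ports[(host, m.group("src"), m.group("dst"))].add(int(m.group("dport")))
    return [
        {"device": h, "src": s, "dst": d, "ports": sorted(p)}
        for (h, s, d), p in ports.items()
        if len(p) >= threshold
    ]


if __name__ == "__main__":
    # Offline run over the constructed lines; swap in receive_udp(5514) to take
    # live input from devices configured to send syslog to this host.
    idx = collect(SAMPLE_LINES)
    for host, events in idx.items():
        print(f"{host}: {len(events)} event(s)")
    for alert in detect_port_sweep(idx):
        print("ALERT port sweep:", alert)
```

The rule is deliberately stateless and window-free; a real SIEM would evaluate it over a sliding time window keyed on the parsed timestamp, and would normalise vendor-specific message formats into a common schema before correlation.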
Gjorg19
Thank you very much for clearing that up, guys. I'll be doing more research regarding the implementation of SIEM.