SIEM data collecting
Gjorg19
Hi all,
I'm fairly new in the world of cyber security and new to this forum, and I could use some professional help regarding SIEM. After doing some research I've read that SIEM uses agents for log aggregation. If I'm not mistaken, this is the case for systems with an OS, like computers and servers. My question is, how does SIEM collect data from network devices such as switches, routers and firewalls? How does SIEM communicate with these devices?
Comments
SteveLavoie
Often, SNMP and syslog are used to collect data from network devices.
JDMurray
SIEM does not actively collect event information from devices (i.e., polling). Instead, all networked devices are configured to send their event information (e.g., syslog, NetFlow, SNMP traps, etc.) to centralized collection systems. A SIEM then reads this collected data, de-duplicates, indexes, and correlates events to create information about device and network state at specific points in time. A SIEM analyst can then run searches manually on the SIEM to find events, or have SIEM rules automatically detect specific event conditions and trigger SIEM alerts at their presence.
Some monitoring systems, such as SNMP management stations, can actively poll devices to collect snapshots of information at the current time (i.e., reconnaissance). This information can also be stored and imported by a SIEM for processing.
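A collector-side illustration of the flow described in the answer above (devices push syslog to a central collector; the SIEM parses, de-duplicates and correlates), added here as an example and not code from the thread. The sample lines, host names and the "same source failing logins on two devices" rule are constructed; the RFC 5424 parser assumes the structured-data field is "-".

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample lines, as a switch, a router and a firewall would push them to a
# central collector on UDP/514. The first three are RFC 3164 style, the last is RFC 5424.
SAMPLE_LINES = [
    "<188>Mar  3 10:15:01 core-sw1 LOGIN: login failed for user admin from 10.0.5.23",
    "<188>Mar  3 10:15:01 core-sw1 LOGIN: login failed for user admin from 10.0.5.23",
    "<187>Mar  3 10:15:03 edge-rtr1 LINK: interface Gi0/1 changed state to down",
    "<132>1 2024-03-03T10:15:05Z fw1 sshd 812 - - login failed for user admin from 10.0.5.23",
]

RFC3164 = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) - (.*)$")  # SD assumed '-'
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_syslog(line):
    """Decode PRI into facility/severity and pull out timestamp, host and message."""
    m = RFC5424.match(line)
    if m:
        pri, ts, host, msg = int(m.group(1)), m.group(2), m.group(3), m.group(7)
    else:
        m = RFC3164.match(line)
        if not m:
            return None  # malformed line: a real collector would count it and keep it raw
        pri, ts, host, msg = int(m.group(1)), m.group(2), m.group(3), m.group(4)
    return {"facility": pri // 8, "severity": pri % 8, "ts": ts, "host": host, "msg": msg}


def ingest(lines):
    """Parse and de-duplicate: identical raw lines (e.g. device retransmits) count once."""
    seen, events, dropped = set(), [], 0
    for line in lines:
        digest = hashlib.sha256(line.encode()).hexdigest()
        if digest in seen:
            dropped += 1
            continue
        seen.add(digest)
        event = parse_syslog(line)
        if event:
            events.append(event)
    return events, dropped


def correlate(events, min_devices=2):
    """Rule: one source IP failing logins on at least min_devices distinct devices."""
    devices_by_source = defaultdict(set)
    for e in events:
        ip = IPV4.search(e["msg"])
        if "login failed" in e["msg"].lower() and ip:
            devices_by_source[ip.group(1)].add(e["host"])
    return {ip: sorted(h) for ip, h in devices_by_source.items() if len(h) >= min_devices}
```

Running `correlate(*ingest(SAMPLE_LINES)[:1])` on the constructed lines drops the retransmitted switch message and raises one alert for 10.0.5.23 across core-sw1 and fw1.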
Gjorg19
Thank you very much for clearing that up guys. I'll be doing more research regarding the implementation of SIEM.