SIEM data collecting
Gjorg19
Member Posts: 2
Hi all,
I'm fairly new in the world of cyber security and new to this forum, and I could use some professional help regarding SIEM. After doing some research I've read that SIEM uses agents for log aggregation. If I'm not mistaken, this is the case for systems with an OS, like computers and servers. My question is, how does SIEM collect data from network devices such as switches, routers and firewalls? How does SIEM communicate with these devices?
Comments
SteveLavoie Member Posts: 1,133
Often, SNMP and syslog are used to collect data from network devices.
JDMurray Admin Posts: 13,099
SIEM does not actively collect event information from devices (i.e., polling). Instead, all networked devices are configured to send their event information (e.g., syslog, NetFlow, SNMP traps, etc.) to centralized collection systems. A SIEM then reads this collected data, de-duplicates, indexes, and correlates events to create information about device and network state at specific points in time. A SIEM analyst can then run searches manually on the SIEM to find events, or have SIEM rules automatically detect specific event conditions and trigger SIEM alerts at their presence.

Some monitoring systems, such as SNMP management stations, can actively poll devices to collect snapshots of information at the current time (i.e., reconnaissance). This information can also be stored and imported by a SIEM for processing.
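As an added illustration (not code from any poster in this thread), here is a small Python sketch of the pipeline JDMurray describes: network devices push syslog lines to a collector, and the SIEM side parses them, drops duplicate deliveries, indexes by host and severity, and runs a correlation rule that raises an alert. The hostnames, IP addresses, sample lines, rule name and the 5-failures-in-60-seconds threshold are all constructed for this example; the line layout mimics the RFC 3164 style that many switches, routers and firewalls emit, and the `LOGIN_FAILED` mnemonic is only a stand-in for whatever a given vendor logs.

```python
import re
import hashlib
from collections import defaultdict, deque
from datetime import datetime, timedelta

# RFC 3164-style line: "<PRI>Mon DD HH:MM:SS hostname message"
# PRI encodes facility*8 + severity, so <188> is local7 (23) / warning (4).
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
# Hypothetical vendor message shape used by the correlation rule below.
LOGIN_FAIL_RE = re.compile(r"LOGIN_FAILED.*src=(?P<src>\d+\.\d+\.\d+\.\d+)")


def parse_syslog(line, year=2024):
    """Parse one syslog line into an event dict; return None for non-syslog input."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    # RFC 3164 timestamps carry no year, so the collector has to supply one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"facility": facility, "severity": severity, "ts": ts,
            "host": m["host"], "msg": m["msg"], "raw": line}


class MiniSIEM:
    """Receive-side stand-in for the collect / de-duplicate / index / correlate stages."""

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.seen = set()                      # hashes of raw lines already stored
        self.events = []                       # every unique parsed event
        self.by_host = defaultdict(list)       # index: hostname -> events
        self.by_severity = defaultdict(list)   # index: severity -> events
        self.fail_windows = defaultdict(deque) # rule state: src IP -> recent failure times
        self.alerts = []
        self.threshold = threshold
        self.window = window

    def ingest(self, line):
        ev = parse_syslog(line)
        if ev is None:
            return None
        key = hashlib.sha256(line.encode()).hexdigest()
        if key in self.seen:
            return None  # same line delivered twice (e.g. device logs to two collectors)
        self.seen.add(key)
        self.events.append(ev)
        self.by_host[ev["host"]].append(ev)
        self.by_severity[ev["severity"]].append(ev)
        self._correlate(ev)
        return ev

    def _correlate(self, ev):
        """Rule: >= threshold failed logins from one source IP inside the window."""
        m = LOGIN_FAIL_RE.search(ev["msg"])
        if not m:
            return
        src = m["src"]
        q = self.fail_windows[src]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > self.window:
            q.popleft()  # slide the window forward
        if len(q) >= self.threshold:
            self.alerts.append({"rule": "brute_force_login", "src": src,
                                "count": len(q), "last_seen": ev["ts"],
                                "host": ev["host"]})
            q.clear()  # one alert per burst rather than one per extra failure


# Constructed sample input: one info line, a duplicate delivery, a burst of
# failures from one source across two devices, a lone failure from another, and junk.
SAMPLE_LINES = [
    "<190>Mar  5 10:00:01 core-sw1 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.5 started",
    "<188>Mar  5 10:00:05 edge-fw1 %SEC_LOGIN-4-LOGIN_FAILED: user=admin src=203.0.113.7 port=22",
    "<188>Mar  5 10:00:05 edge-fw1 %SEC_LOGIN-4-LOGIN_FAILED: user=admin src=203.0.113.7 port=22",
    "<188>Mar  5 10:00:09 edge-fw1 %SEC_LOGIN-4-LOGIN_FAILED: user=root src=203.0.113.7 port=22",
    "<188>Mar  5 10:00:14 core-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: user=admin src=203.0.113.7 port=22",
    "<188>Mar  5 10:00:20 edge-fw1 %SEC_LOGIN-4-LOGIN_FAILED: user=cisco src=203.0.113.7 port=22",
    "<188>Mar  5 10:00:31 edge-fw1 %SEC_LOGIN-4-LOGIN_FAILED: user=admin src=203.0.113.7 port=22",
    "<188>Mar  5 10:02:00 edge-fw1 %SEC_LOGIN-4-LOGIN_FAILED: user=admin src=198.51.100.9 port=22",
    "not a syslog line at all",
]


def run_pipeline(lines):
    siem = MiniSIEM()
    for line in lines:
        siem.ingest(line)
    return siem


if __name__ == "__main__":
    s = run_pipeline(SAMPLE_LINES)
    print(f"{len(s.events)} unique events, {len(s.alerts)} alert(s)")
    for a in s.alerts:
        print(a)
```

In a real deployment the receive side is a listener on UDP/TCP 514 or a TLS-wrapped equivalent (and NetFlow or SNMP trap receivers alongside it); this sketch feeds lines in from a list so it runs offline. Note the two places the page's description maps to state that needs care: the de-duplication set grows without bound unless it is time-limited, and the RFC 3164 timestamp has no year or time zone, so the collector must stamp events with its own clock to keep correlation windows honest across devices.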
Gjorg19 Member Posts: 2
Thank you very much for clearing that up, guys. I'll be doing more research regarding the implementation of SIEM.