|

Main components of a SIEM Tool

Bymihir

SIEM also known as Security Information and event management tools are kind of log aggregation tools which helps you to view raw logs in a readable format. These raw logs can have any source like a firewall, a mobile phone or even a smart fridge. The SIEM tool helps presenting these logs in a format such that they are easy to query on and we can make sense out of these logs. To know how an SIEM tool works, it is necessary to understand the main components of a SIEM tool.

In this post we will be going through the main components of a SIEM tool:

Forwarding agent

Forwading agent is an application which runs in the background and collects logs from various sources defined in configuration. The forwarding agent continuously forwards logs generated on the machine to the Collection/Indexing server.

Collection/Indexing Server

The Indexing server aggregates all the logs that are forwarded from Forwarding Agent (from various machines, servers, etc.) and parses them so they become readable in a key value pair, hence they can be easily queried by search application.

Search Application

This is a web application which provides functionality to query logs on the indexing server. This is through this application that we can create rules that can trigger when a pattern matches and helps us in generating alerts.

Similar Posts

email headers spf dkim dmarc
|

Email Headers: What is SPF, DKIM, DMARC?

Bymihir

You must have come across these terms while looking up for email security or trying to identify a phishing email. These are actually methods used to identify whether the email received is from a legitimate source or not. Let’s get started with SPF or Sender Policy Framework. It’s a record maintained with the sender organization’s…

Difference between TCP/IP and OSI model

Bymihir

OSI stands for Open System Interconnection. OSI is a reference model and it is used only for educational purposes.On the other hand, TCP/IP, named after two of its most popular protocol, Transfer Protocol and Internet Protocol, is used everywhere. Both of these are models which represents logically what is going on. There are different protocols,…

defend ransomware
| |

What is Ransomware? Defend against ransomware.

Bymihir

Ransomware is a kind of software which holds system/systems hostage for money (usually cryptocurrency like bitcoin). Once the ransom is paid, victim is provided with a “key” to unlock the affected systems. Ransomware holds the system by encrypting victim’s files. This can cause significant dent on business’s operation as the encrypted files are often critical….

azure sentinel kql
|

What is Azure Sentinel? Sentinel and KQL

Bymihir

Azure Sentinel is a cloud-native security information and event management (SIEM) system that helps organizations detect, investigate, and respond to threats in real-time. The platform provides a centralized view of security data from multiple sources including on-premises and cloud-based systems, which makes it easy to analyze data and get insights into potential security incidents. Additionally,…

Leave a Reply

Your email address will not be published. Required fields are marked *