Module 3. Security information and event management (SIEM) dashboards

To collect, search, and monitor log data in a cloud-hosted environment.

All computers and devices that enter and leave the network, as well as connections between devices and services on the network.

The Open Information Security Foundation (OISF).

A record of attempted or established connections for incoming traffic from the internet and outbound requests to the internet from within the network.

To identify suspicious patterns that can occur in the event of an incident, highlighting higher risk items that need immediate review by an analyst and providing a visual timeline of the events leading up to an incident.

An open-source network analysis and threat detection software.

To retain, analyze, and search an organization's log data to provide security information and alerts in real-time.

Statistics related to incidents with the highest occurrences, severities, and detections over time.

To display the last 24 hours of an organization’s notable security-related events and trends and allow security professionals to determine if security infrastructure and policies are performing as designed.

To highlight recent alerts, identify suspicious domain names in logs (indicators of compromise), and provide a severity level that indicates the significance of each threat to the organization.

To analyze and monitor the overall health of the organization over time, providing high-level insights to stakeholders and generating a summary of security incidents and trends over a specific period of time.

Events related to services, such as websites, emails, or file shares, including actions like login, password, and username requests.

Number of event logs, log sources, and success rates of data being processed into Chronicle.

To collect and analyze log data to monitor critical activities in an organization, offering real-time monitoring and tracking of security event logs.

A record of events that occur within an organization’s systems.

To help analysts identify risk for each risk object (e.g., a specific user, a computer, or an IP address) and analyze the potential impact of vulnerabilities in critical assets to prioritize risk mitigation efforts.

To inspect network traffic, identify suspicious behavior, and generate network data logs.

To collect, analyze, and correlate security data from various sources across IT infrastructure to identify and respond to security threats in real-time.

To observe domain names, IP addresses, and device IOCs over time to identify trends and direct the security team’s focus to the highest priority threats.

To help cybersecurity team members manage and monitor organizational data.

To use automation to respond to security events.

A high-level summary of information related to the organization’s data ingestion, alerting, and event activity over time.

To retain, analyze, and search an organization's log data to provide security information and alerts in real-time.