Questions tagged [siem]
Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure.
89 questions
7 votes · 2 answers · 1k views
SIEM: Monitoring End Users and DHCP IP assigning issue
I want to monitor my end users' activity, for which I have selected AlienVault as my SIEM solution. Now, when I see logs coming in and I see malicious activity at a certain IP (e.g. 10.10.10.4) with ...
0 votes · 1 answer · 3k views
Difference between audit log failure/success?
I am working on event logs. I receive different logs such as 1. Success audit 2. Failure audit for the same type of events (login, logoff) etc. What exactly is the difference between these two types of ...
0 votes · 1 answer · 435 views
Do we need to include a SIEM hosted in the cloud in CDE scope for PCI DSS requirements, where no CD or transaction logs are being processed or managed?
We have our cardholder data environment (CDE) hosted in an on-premise model (private datacenter), except the SIEM solution, which is implemented for logging and monitoring in a private cloud, where we are forwarding ...
2 votes · 2 answers · 807 views
Detect a Host on my Network that is Conducting Web Scraping on External Systems
It recently came to my attention (through an outside company) that a host on my internal LAN may be conducting web scraping activity against that outside company's web servers. Due to this activity, ...
0 votes · 1 answer · 351 views
Attacks from different blacklisted IPs which belong to different GEO locations [closed]
Attacks from different blacklisted IPs which belong to different GEO locations, although the source MAC address is the same. Why?
1 vote · 1 answer · 1k views
Are SIEM and NIDS/HIDS complementary?
I would just like to have your feedback if you were involved with Security Information and Event Management.
From your experience, do we have to add a SIEM to an existing NIDS (snort) and HIDS (ossec)...
2 votes · 1 answer · 467 views
Dealing with "trojan" ports
We have a SOC which "monitors" our network activity; it basically collects all logs from all our firewalls and creates reports.
We have a huge network with hundreds of servers and up to 2000 users, ...
1 vote · 0 answers · 472 views
How to create alerts for a WatchGuard firewall in SIEM
I'm working in a SOC (Security Operations Center) where we use a WatchGuard firewall in our customer's environment.
We currently create alerts for other devices (SonicWall, Cisco ASA) based on event ...
0 votes · 1 answer · 430 views
Feeding Azure portal logs into a SIEM solution
I am currently working on a cloud transformation project where all infrastructure is being placed into Azure.
We currently use a SIEM solution to monitor and assess events across the environment. The ...
0 votes · 1 answer · 1k views
Physical Access Control Logging on a SIEM - Is it worthwhile?
The company I work for (manufacturing) is upgrading its Physical Access Control (PAC) system, and it will come with logging that can be fed into our SIEM tool (LogRhythm).
Does anyone have any ...
-2 votes · 1 answer · 785 views
Telnet alert on SIEM
We are currently setting up the McAfee SIEM. Some rules have been set up using signature ID. Below is the alarm that triggers frequently:
Summary: Signature ID 'Suspicious - Remote Shell ...
1 vote · 1 answer · 2k views
Callback Detectors: Connection to High Confidence C&C Server IP Detected
We are in the process of tuning McAfee ESM. Below is the log:
Source IP = 173.224.123.242
Destination IP = Internal IP (always the same)
Source Port = 443
Destination Port = 3740 (2502, 2442, 1208, ...
0 votes · 1 answer · 1k views
I can't connect to OSSIM server [closed]
I installed OSSIM in VMware Workstation. The installation was successful. But when I entered the login and the password I got this message: "incorrect login". I know that the login must be "root".
...
2 votes · 2 answers · 618 views
Choosing between SSH and HTTPS for executing script using McAfee ESM Nitro
We intend to use McAfee ESM Nitro (SIEM) for security monitoring of our infrastructure servers. To bring automation in system administration of our servers, we have developed some applications in-...
1 vote · 1 answer · 1k views
How to test DoS attacks through a router?
One of my clients has been told by their ISP that a DoS attack has happened, and they have provided the logs of the Juniper router. What are the criteria in routers by which we can confirm a DoS attack is ...