Security Information and Event Management (SIEM) Implementation
Citation: Miller, David; Harris, Shon; Harper, Allen; VanDyke, Stephen; and Blask, Chris. Security Information and Event Management (SIEM) Implementation. US: McGraw-Hill Osborne Media, 2010.
Authors: David Miller, Shon Harris, Allen Harper, Stephen VanDyke and Chris Blask
Published: October 2010
eISBN: 9780071701082 0071701087 | ISBN: 9780071701099
Table of Contents
Foreword
Acknowledgments
Introduction

Part I: Introduction to SIEM: Threat Intelligence for IT Systems
  1 Business Models
    What Are IT Business Models?
    What You Have to Worry About
    Overview of CIA
    Government
    Commercial Entities
    Universities
    How Does Your Company's Business Model Affect You?
  2 Threat Models
    The Bad Things That Could Happen
    Recognizing Attacks on the IT Systems
    Summary
  3 Regulatory Compliance
    Compliance Regulations
    Recommended Best Practices
    Prudent Security
    Summary

Part II: IT Threat Intelligence Using SIEM Systems
  4 SIEM Concepts: Components for Small and Medium-size Businesses
    The Homegrown SIEM
    Log Management
    Event Correlation
    Endpoint Security
    IT Regulatory Compliance
    Implementation Methodology
    Tools Reference
    Summary
  5 The Anatomy of a SIEM
    Source Device
    Log Collection
    Parsing/Normalization of Logs
    Rule Engine/Correlation Engine
    Log Storage
    Monitoring
    Summary
  6 Incident Response
    What Is an Incident Response Program?
    How to Build an Incident Response Program
    Security Incidents and a Guide to Incident Response
    Automated Response
    Summary
  7 Using SIEM for Business Intelligence
    What Is Business Intelligence?
    Common Business Intelligence Questions
    Developing Business Intelligence Strategies Using SIEM
    Summary

Part III: SIEM Tools
  8 AlienVault OSSIM Implementation
    Background
    Design
    Implementation
    Web Console
    Summary
  9 AlienVault OSSIM Operation
    Interface
    Analysis of a Basic Attack
    Analysis of a Sophisticated Attack
    Summary
  10 Cisco Security: MARS Implementation
    Introduction to MARS
    Analyze Requirements
    Design
    Deployment
    Operation: Queries, Rules, and Reports
    Limitations
    Summary
  11 Cisco MARS Advanced Techniques
    Using the MARS Dashboard
    Adding Unsupported Devices to MARS
    A Typical Day in the Life of a MARS Operator
    Limitations
    Summary
  12 Q1 Labs QRadar Implementation
    QRadar Architecture Overview
    Q1 Labs Terms to Know
    Planning
    Initial Installation
    Getting Flow and Event Data into QRadar
    Summary
  13 Q1 Labs QRadar Advanced Techniques
    Using the QRadar Dashboard
    QRadar Sentries
    QRadar Rules
    The Offense Manager
    QRadar Tuning
    Stepping Through the Process
    Summary
  14 ArcSight ESM v4.5 Implementation
    ArcSight Terminology and Concepts
    Overview of ArcSight Products
    ArcSight ESM v4.5 Architecture Overview
    Planning Your Deployment
    Initial Installation
    Summary
  15 ArcSight ESM v4.5 Advanced Techniques
    Operations: Dealing with Data
    Managing Assets and Networks
    Management and Troubleshooting
    Summary

Appendix: The Ways and Means of the Security Analyst
Index