CITATION

Miller, David; Harris, Shon; Harper, Allen; VanDyke, Stephen; and Blask, Chris. Security Information and Event Management (SIEM) Implementation. US: McGraw-Hill Osborne Media, 2010.

Security Information and Event Management (SIEM) Implementation

Published: October 2010

eISBN: 9780071701082 (ISBN-10 0071701087) | ISBN: 9780071701099
  • Contents
  • Foreword
  • Acknowledgments
  • Introduction
  • Part I: Introduction to SIEM: Threat Intelligence for IT Systems
    • 1 Business Models
      • What Are IT Business Models?
      • What You Have to Worry About
      • Overview of CIA
      • Government
      • Commercial Entities
      • Universities
      • How Does Your Company's Business Model Affect You?
    • 2 Threat Models
      • The Bad Things That Could Happen
      • Recognizing Attacks on the IT Systems
      • Summary
    • 3 Regulatory Compliance
      • Compliance Regulations
      • Recommended Best Practices
      • Prudent Security
      • Summary
  • Part II: IT Threat Intelligence Using SIEM Systems
    • 4 SIEM Concepts: Components for Small and Medium-size Businesses
      • The Homegrown SIEM
      • Log Management
      • Event Correlation
      • Endpoint Security
      • IT Regulatory Compliance
      • Implementation Methodology
      • Tools Reference
      • Summary
    • 5 The Anatomy of a SIEM
      • Source Device
      • Log Collection
      • Parsing/Normalization of Logs
      • Rule Engine/Correlation Engine
      • Log Storage
      • Monitoring
      • Summary
    • 6 Incident Response
      • What Is an Incident Response Program?
      • How to Build an Incident Response Program
      • Security Incidents and a Guide to Incident Response
      • Automated Response
      • Summary
    • 7 Using SIEM for Business Intelligence
      • What Is Business Intelligence?
      • Common Business Intelligence Questions
      • Developing Business Intelligence Strategies Using SIEM
      • Summary
  • Part III: SIEM Tools
    • 8 AlienVault OSSIM Implementation
      • Background
      • Design
      • Implementation
      • Web Console
      • Summary
    • 9 AlienVault OSSIM Operation
      • Interface
      • Analysis of a Basic Attack
      • Analysis of a Sophisticated Attack
      • Summary
    • 10 Cisco Security: MARS Implementation
      • Introduction to MARS
      • Analyze Requirements
      • Design
      • Deployment
      • Operation: Queries, Rules, and Reports
      • Limitations
      • Summary
    • 11 Cisco MARS Advanced Techniques
      • Using the MARS Dashboard
      • Adding Unsupported Devices to MARS
      • A Typical Day in the Life of a MARS Operator
      • Limitations
      • Summary
    • 12 Q1 Labs QRadar Implementation
      • QRadar Architecture Overview
      • Q1 Labs Terms to Know
      • Planning
      • Initial Installation
      • Getting Flow and Event Data into QRadar
      • Summary
    • 13 Q1 Labs QRadar Advanced Techniques
      • Using the QRadar Dashboard
      • QRadar Sentries
      • QRadar Rules
      • The Offense Manager
      • QRadar Tuning
      • Stepping Through the Process
      • Summary
    • 14 ArcSight ESM v4.5 Implementation
      • ArcSight Terminology and Concepts
      • Overview of ArcSight Products
      • ArcSight ESM v4.5 Architecture Overview
      • Planning Your Deployment
      • Initial Installation
      • Summary
    • 15 ArcSight ESM v4.5 Advanced Techniques
      • Operations: Dealing with Data
      • Managing Assets and Networks
      • Management and Troubleshooting
      • Summary
  • Appendix: The Ways and Means of the Security Analyst
  • Index