After a recent breach, the security technician decides the company needs to analyze and aggregate its security logs. Which of the following systems should be used?
A. Event log B. Syslog C. SIEM D. SNMP
Correct Answer: C
Explanation: Using a Security information and event management (SIEM) product, the security logs can be analyzed and aggregated. SIEM is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes. SIEM capabilities include Data aggregation; Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.