Question
1. a) What are some log collection/management considerations that an organization might need to bear in mind? b) Do log files unto themselves provide an
1.
a) What are some log collection/management considerations that an organization might need to bear in mind?
b) Do log files unto themselves provide an organization with complete visibility into what's occurring on the organization's network or to support internal investigations? If not, what other data sources might you think would provide enrichment to the existing data set?
c) Research centralized security incident and event management systems. Provide a summary of the features they contain and provide your assessment on how these features can be used by an organization (SOC analyst, threat hunting team, or incident responder) to help support investigations? Are there any particular features that might be useful to help with regulatory compliance reporting?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started