Security information and event management system

A significant challenge that a great many organizations have is the nature of logging on network devices. With limited space, log files are often rolled over, where the new log files are written over older log files. The result is that in some cases, an organization may only have a few days or even a few hours of important logs. If a potential incident happened several weeks ago, the incident response personnel will be without critical pieces of evidence.

One tool that has been embraced by a number of enterprises is a Security Information and Event Management (SIEM) system. These appliances have the ability to aggregate log and event data from network sources and combine them into a single ...

Get Digital Forensics and Incident Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.