Digital Forensics and Incident Response

by Gerard Johansen
July 2017
Beginner to intermediate
324 pages
7h 48m
English
Packt Publishing
Content preview from Digital Forensics and Incident Response

Security information and event management system

A significant challenge for many organizations is the way network devices handle logging. With limited storage space, log files are often rolled over, meaning that new log files overwrite older ones. As a result, an organization may in some cases have only a few days or even a few hours of important logs. If a potential incident happened several weeks ago, incident response personnel will be without critical pieces of evidence.

One tool that has been embraced by a number of enterprises is a Security Information and Event Management (SIEM) system. These appliances have the ability to aggregate log and event data from network sources and combine them into a single ...


Publisher Resources

ISBN: 9781787288683