Chapter 6. Security Event Generation and Collection

“You will miss the best things if you keep your eyes shut.”—Dr. Seuss

This chapter covers ways to collect data from various sources so that it can be converted into a format useful to the security operations center (SOC). It provides many examples of data-producing sources, ranging from network firewalls to security software installed on end-user devices, and for each source covered it gives the steps for exporting that data to a centralized correlation utility. The chapter concludes with a discussion of how behavior analytics built on NetFlow can be tuned to alert the SOC to top areas of concern, such as network breaches or systems reaching maximum capacity. This can be extremely ...
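As an added illustration of the NetFlow behavior analytics mentioned above (this is example code written for this page, not the book's own material), the block below builds a per-source traffic baseline from flow records and flags a source whose byte count in a new time bucket exceeds the baseline by more than K standard deviations. The flow tuples, the hosts, the bucket scheme and the threshold logic are all constructed for the example; a real deployment would parse NetFlow v5/v9 or IPFIX from a collector and use a richer model, but the mechanics of "learn what is normal, alert on deviation" are the same whether the concern is a bulk transfer that looks like exfiltration or a link approaching capacity.

```python
"""
Added example (not from the book): a minimal NetFlow-style behavior baseline.

Assumptions (not in the source text):
- Flow records are tuples (bucket, src, dst, dport, bytes); real NetFlow would
  be exported by a router and parsed by a collector before reaching this step.
- The "baseline" is the per-source mean and population stddev of bytes sent per
  time bucket over a training window; anything above mean + K*sigma is flagged.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows. Buckets 0-4 are quiet baseline traffic to a file
# server on port 445; bucket 5 contains a burst from 10.0.0.7 to an external
# host on port 443 that stands out against that host's own history.
SAMPLE_FLOWS = [
    (0, "10.0.0.7", "10.0.0.50", 445, 12_000),
    (0, "10.0.0.9", "10.0.0.50", 445, 8_000),
    (1, "10.0.0.7", "10.0.0.50", 445, 11_500),
    (1, "10.0.0.9", "10.0.0.50", 445, 9_000),
    (2, "10.0.0.7", "10.0.0.50", 445, 12_500),
    (2, "10.0.0.9", "10.0.0.50", 445, 8_500),
    (3, "10.0.0.7", "10.0.0.50", 445, 12_200),
    (3, "10.0.0.9", "10.0.0.50", 445, 8_800),
    (4, "10.0.0.7", "10.0.0.50", 445, 11_800),
    (4, "10.0.0.9", "10.0.0.50", 445, 9_200),
    (5, "10.0.0.7", "203.0.113.10", 443, 950_000),
    (5, "10.0.0.9", "10.0.0.50", 445, 9_100),
]


def bytes_per_src_per_bucket(flows):
    """Aggregate bytes sent by each source address in each time bucket."""
    totals = defaultdict(lambda: defaultdict(int))
    for bucket, src, _dst, _dport, nbytes in flows:
        totals[src][bucket] += nbytes
    return totals


def build_baseline(flows, train_buckets):
    """Per-source (mean, population stddev) of bytes over the training buckets.

    Buckets with no traffic from a source count as 0 so that a host that is
    normally silent gets a low baseline rather than being ignored.
    """
    totals = bytes_per_src_per_bucket(flows)
    baseline = {}
    for src, per_bucket in totals.items():
        samples = [per_bucket.get(b, 0) for b in train_buckets]
        baseline[src] = (mean(samples), pstdev(samples))
    return baseline


def detect_anomalies(flows, baseline, eval_bucket, k=3.0, min_sigma=1_000):
    """Return (src, observed_bytes, threshold) for each source whose bytes in
    eval_bucket exceed mean + k * sigma.

    sigma is floored at min_sigma so a host with a very steady history does
    not alert on a few hundred bytes of jitter; a host absent from the
    baseline (never seen in training) gets mean 0 and the floor as sigma.
    """
    totals = bytes_per_src_per_bucket(flows)
    alerts = []
    for src, per_bucket in totals.items():
        observed = per_bucket.get(eval_bucket, 0)
        mu, sigma = baseline.get(src, (0.0, 0.0))
        threshold = mu + k * max(sigma, min_sigma)
        if observed > threshold:
            alerts.append((src, observed, threshold))
    return alerts


if __name__ == "__main__":
    base = build_baseline(SAMPLE_FLOWS, range(5))
    for src, observed, threshold in detect_anomalies(SAMPLE_FLOWS, base, 5):
        print(f"ALERT {src}: {observed} bytes in bucket 5, threshold {threshold:.0f}")
```

With the constructed data, 10.0.0.7 averages 12,000 bytes per bucket with a standard deviation of a few hundred, so the floored threshold is 15,000 bytes and the 950,000-byte burst is flagged, while 10.0.0.9 stays within its 8,700-byte average and produces nothing. The same comparison, pointed at an interface or a server instead of a source host, is how a capacity alert would be expressed.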
