doc__________________ is any from of recorded content that is used for a specific purpose and can be audio, digital, or handwritten instructions and even videos.

??? is an application that monitors system and network activity and produces alerts on possible intrusions

Here are examples of ???? tools.

1. AlienVault, Chronicle, Elastic, Exabeam, IBM QRadar, LogRhythm, Splunk

SIEM tools require data for them to be effectively used. During the first step, the SIEM collects event data from various sources like firewalls, servers, routers. This data is known as logs and contains event details like timestamps, IP addresses. Logs are a record of events that occur within a organization's systems. After all this log data is collected, it gets aggr____________ in one location.

par_____________ maps data according to their fields and corresponding values.

SIEM process

1. collect and agg__________________ data

2. 2. nor____________ data

   1. 3. ana_____________

an IPS or ? ? ? is an application that monitors system activity for intrusive activity and takes action to stop activity. It is similar to IDS but IPS takes action to prevent the activity and minimize its effects. An IPS can send an alert and modify an access control list on a router to block specific traffic on a server.