Detection and Response: Quiz 2

doc__________________ is any from of recorded content that is used for a specific purpose and can be audio, digital, or handwritten instructions and even videos.

??? is an application that monitors system and network activity and produces alerts on possible intrusions

Here are examples of ???? tools.

1. AlienVault, Chronicle, Elastic, Exabeam, IBM QRadar, LogRhythm, Splunk

SIEM tools require data for them to be effectively used. During the first step, the SIEM collects event data from various sources like firewalls, servers, routers. This data is known as logs and contains event details like timestamps, IP addresses. Logs are a record of events that occur within a organization's systems. After all this log data is collected, it gets aggr____________ in one location.

par_____________ maps data according to their fields and corresponding values.

SIEM process

1. collect and agg__________________ data

2. 2. nor____________ data

   1. 3. ana_____________

an IPS or ? ? ? is an application that monitors system activity for intrusive activity and takes action to stop activity. It is similar to IDS but IPS takes action to prevent the activity and minimize its effects. An IPS can send an alert and modify an access control list on a router to block specific traffic on a server.

EDR or ? ? ? is an application that monitors an endpoint for malicious activity. EDR tools are installed on endpoints and end points is any device connected on a network which include end-user devices like computers, phones, tablets and more.

EDR tools monitor, record, and analyze endpoint system activity to identify, alert, and respond to suspicious activity. It can collect endpoint activity and perform behavioral analysis to identify threat patterns happening on an endpoint. EDR use machine learning and AI to analyze.

sec____________ orche____________ auto____________ and resp____________ = a collection of applications, tools, and workflows that uses automation to respond to security events

? ? is an alert that correctly detects the presence of an attack

true negative

true positive

false negative

false positive