Security Information and Event Management

✍ Scribed by David Miller, Shon Harris, Allen Harper, Stephen VanDyke, Chris Blask


Publisher
McGraw-Hill Osborne Media
Year
2010
Tongue
English
Leaves
465
Series
Network Pro Library
Edition
1
Category
Library


✦ Synopsis


Implement a robust SIEM system

Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.

  • Assess your organization’s business models, threat models, and regulatory compliance requirements
  • Determine the necessary SIEM components for small- and medium-size businesses
  • Understand SIEM anatomy—source device, log collection, parsing/normalization of logs, rule engine, log storage, and event monitoring
  • Develop an effective incident response program
  • Use the inherent capabilities of your SIEM system for business intelligence
  • Develop filters and correlated event rules to reduce false-positive alerts
  • Implement AlienVault’s Open Source Security Information Management (OSSIM)
  • Deploy the Cisco Monitoring Analysis and Response System (MARS)
  • Configure and use the Q1 Labs QRadar SIEM system
  • Implement ArcSight Enterprise Security Management (ESM) v4.5
  • Develop your SIEM security analyst skills

✦ Table of Contents


Contents......Page 14
Foreword......Page 22
Acknowledgments......Page 24
Introduction......Page 26
Part I: Introduction to SIEM: Threat Intelligence for IT Systems......Page 36
1 Business Models......Page 38
What Are IT Business Models?......Page 39
What You Have to Worry About......Page 40
Overview of CIA......Page 44
Government......Page 45
Commercial Entities......Page 49
Universities......Page 51
How Does Your Company's Business Model Affect You?......Page 53
2 Threat Models......Page 54
The Bad Things That Could Happen......Page 56
Recognizing Attacks on the IT Systems......Page 60
Summary......Page 68
3 Regulatory Compliance......Page 70
Compliance Regulations......Page 73
Recommended Best Practices......Page 76
Prudent Security......Page 77
Summary......Page 84
Part II: IT Threat Intelligence Using SIEM Systems......Page 86
4 SIEM Concepts: Components for Small and Medium-size Businesses......Page 88
The Homegrown SIEM......Page 89
Log Management......Page 90
Event Correlation......Page 98
Endpoint Security......Page 102
IT Regulatory Compliance......Page 106
Implementation Methodology......Page 109
Tools Reference......Page 110
Summary......Page 111
5 The Anatomy of a SIEM......Page 112
Source Device......Page 113
Log Collection......Page 116
Parsing/Normalization of Logs......Page 119
Rule Engine/Correlation Engine......Page 121
Log Storage......Page 125
Monitoring......Page 126
Summary......Page 127
6 Incident Response......Page 128
What Is an Incident Response Program?......Page 129
How to Build an Incident Response Program......Page 132
Security Incidents and a Guide to Incident Response......Page 136
Automated Response......Page 146
Summary......Page 149
7 Using SIEM for Business Intelligence......Page 150
What Is Business Intelligence......Page 151
Common Business Intelligence Questions......Page 154
Developing Business Intelligence Strategies Using SIEM......Page 165
Summary......Page 170
Part III: SIEM Tools......Page 172
8 AlienVault OSSIM Implementation......Page 174
Background......Page 175
Design......Page 182
Implementation......Page 184
Web Console......Page 201
Summary......Page 203
9 AlienVault OSSIM Operation......Page 204
Interface......Page 205
Analysis of a Basic Attack......Page 220
Analysis of a Sophisticated Attack......Page 225
Summary......Page 230
10 Cisco Security: MARS Implementation......Page 232
Introduction to MARS......Page 233
Analyze Requirements......Page 237
Design......Page 240
Deployment......Page 241
Operation: Queries, Rules, and Reports......Page 251
Summary......Page 258
11 Cisco MARS Advanced Techniques......Page 260
Using the MARS Dashboard......Page 261
Adding Unsupported Devices to MARS......Page 278
A Typical Day in the Life of a MARS Operator......Page 287
Summary......Page 294
12 Q1 Labs QRadar Implementation......Page 296
QRadar Architecture Overview......Page 297
Q1 Labs Terms to Know......Page 301
Planning......Page 302
Initial Installation......Page 305
Getting Flow and Event Data into QRadar......Page 320
Summary......Page 322
13 Q1 Labs QRadar Advanced Techniques......Page 324
Using the QRadar Dashboard......Page 326
QRadar Sentries......Page 334
QRadar Rules......Page 336
The Offense Manager......Page 342
QRadar Tuning......Page 344
Stepping Through the Process......Page 352
Summary......Page 362
14 ArcSight ESM v4.5 Implementation......Page 364
ArcSight Terminology and Concepts......Page 365
Overview of ArcSight Products......Page 366
ArcSight ESM v4.5 Architecture Overview......Page 372
Planning Your Deployment......Page 375
Initial Installation......Page 377
Summary......Page 389
15 ArcSight ESM v4.5 Advanced Techniques......Page 390
Operations: Dealing with Data......Page 391
Managing Assets and Networks......Page 400
Management and Troubleshooting......Page 403
Summary......Page 416
Appendix: The Ways and Means of the Security Analyst......Page 418
A......Page 450
C......Page 452
D......Page 454
F......Page 455
I......Page 456
L......Page 457
M......Page 458
N......Page 459
P......Page 460
Q......Page 461
S......Page 462
T......Page 464
Z......Page 465

✦ Subjects


Computer Science and Computer Engineering; Information Security; Information Security Auditing;

