Without collecting and analysing logs, you have little chance of knowing what’s going on, or what has happened. Every compliance standard recommends their use, and most SIEM and SOAR tools use them as their basis for analysis.
- Log management is generally considered the collection of event log information from at least the key components of your infrastructure: servers, firewalls, networking devices, etc. Logs should be kept safe for 1 year, as is often dictated by compliance (and good practice). Useful insights are uncovered along the way. Logs should be held centrally (but securely) to allow quick and efficient searches, which helps with forensic investigations and general troubleshooting.
- SIEM solutions generally take things to the next level. Here the collected logs are used (often together) for analysis and correlation. These systems help the user understand what is going on in the environment faster, with built-in workflows to detect issues quickly. SIEM solutions combine event correlation (making sense of the vast volume of logs), threat intelligence, network- and host-based IDS, vulnerability scanning, etc., and present this in a dashboard format which effectively prioritises events.
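The two points above (central collection, then correlation across sources) in miniature, as an added example that is not from the original page or any particular SIEM product: constructed sshd and firewall lines are normalised into one event shape, and a rule flags a source IP whose failed logins spread over several hosts are followed by an accepted login. The log formats, hosts, IPs, window and threshold are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): a Linux auth log and a firewall log,
# as they might arrive at a central collector. No single host sees the whole picture.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 web01 sshd: Failed password for root from 203.0.113.5",
    "2024-03-01T10:00:04 web01 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:09 db01 sshd: Failed password for root from 203.0.113.5",
    "2024-03-01T10:00:15 fw01 fw: DENY src=203.0.113.5 dst=10.0.0.7 dport=22",
    "2024-03-01T10:00:21 db01 sshd: Accepted password for root from 203.0.113.5",
    "2024-03-01T10:05:00 web01 sshd: Failed password for bob from 198.51.100.9",
]

SSHD_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(\S+) (\S+) fw: (DENY|ALLOW) src=(\S+) dst=\S+ dport=(\d+)$")

def normalise(line):
    """Map each raw line onto one common event shape so different sources can be correlated."""
    m = SSHD_RE.match(line)
    if m:
        ts, host, result, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "src": src,
                "outcome": "fail" if result == "Failed" else "success", "user": user}
    m = FW_RE.match(line)
    if m:
        ts, host, action, src, dport = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "src": src,
                "outcome": "deny" if action == "DENY" else "allow", "user": None}
    return None  # unknown format: a real pipeline would count these as parse failures

def correlate(lines, window=timedelta(minutes=2), threshold=3):
    """Alert when one source IP has >= threshold failures (on any hosts) inside `window`
    and then an accepted login. Each host alone sees too few failures to notice."""
    events = sorted(filter(None, map(normalise, lines)), key=lambda e: e["ts"])
    failures = defaultdict(list)   # src IP -> failure events seen so far
    alerts = []
    for e in events:
        if e["outcome"] == "fail":
            failures[e["src"]].append(e)
        elif e["outcome"] == "success":
            recent = [f for f in failures[e["src"]] if e["ts"] - f["ts"] <= window]
            if len(recent) >= threshold:
                alerts.append({"src": e["src"], "user": e["user"], "host": e["host"],
                               "failed_hosts": sorted({f["host"] for f in recent}),
                               "failures": len(recent)})
    return alerts
```

Running `correlate(SAMPLE_LOGS)` yields one alert for 203.0.113.5 (three failures across web01 and db01, then success on db01); the lone failure from 198.51.100.9 stays below the threshold.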