Chaotic Security Blog

Started work on the Security Information and Event Management section of the SOC Level 1. 

SIEMs are systems that collect and process logs from various systems, sources, and endpoints. Depending on the SIEM product, this data is then normalised and presented in an easy-to-view format. These systems can also be configured with rules that trigger alerts when log data matches criteria that may warrant investigation. Rather than an analyst manually reviewing thousands of logs to find an issue, the system processes this information and raises an alert for further investigation as needed.
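To make the collect, parse, and alert pipeline concrete, here is a small added example (my own illustration, not code from the course or from any SIEM product). It parses a handful of constructed SSH authentication log lines into normalised events, then applies one correlation rule: raise an alert when a single source IP produces five or more failed logins inside a one-minute window. The log lines, the threshold, and the window are all assumed values chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog-style sshd lines; not real data.
SAMPLE_LOGS = """\
2024-01-15T10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
2024-01-15T10:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.5 port 51023 ssh2
2024-01-15T10:00:05 host1 sshd[1203]: Failed password for root from 203.0.113.5 port 51024 ssh2
2024-01-15T10:00:07 host1 sshd[1204]: Failed password for root from 203.0.113.5 port 51025 ssh2
2024-01-15T10:00:09 host1 sshd[1205]: Failed password for root from 203.0.113.5 port 51026 ssh2
2024-01-15T10:00:30 host2 sshd[2201]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2024-01-15T10:00:45 host2 sshd[2202]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
2024-01-15T10:20:00 host2 sshd[2203]: Failed password for bob from 198.51.100.7 port 40002 ssh2
"""

# Parsing stage: pull the fields a rule needs out of the raw text.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line):
    """Normalise one raw log line into a flat event dict.
    Returns None for lines this parser does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "user": m["user"],
        "src": m["src"],
        "outcome": m["outcome"].lower(),
    }


def parse_logs(text):
    """Parse every line, silently dropping ones that do not match."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def brute_force_rule(events, threshold=5, window=timedelta(minutes=1)):
    """Correlation rule (assumed thresholds): alert when one source IP
    produces `threshold` or more failed logins within `window`.
    Emits one alert per source, on the first breach."""
    events = sorted(events, key=lambda e: e["ts"])
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for e in events:
        if e["outcome"] != "failed":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        # Slide the window: discard failures older than `window`.
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({
                "rule": "ssh_brute_force",
                "src": e["src"],
                "host": e["host"],
                "count": len(q),
                "first_seen": q[0],
                "last_seen": e["ts"],
            })
    return alerts


def run(text=SAMPLE_LOGS):
    """Full pipeline: raw text -> normalised events -> alerts."""
    return brute_force_rule(parse_logs(text))


if __name__ == "__main__":
    for a in run():
        print(f"ALERT {a['rule']}: {a['count']} failed logins from {a['src']} "
              f"on {a['host']} between {a['first_seen']:%H:%M:%S} "
              f"and {a['last_seen']:%H:%M:%S}")
```

On the sample data only 203.0.113.5 trips the rule; 198.51.100.7 has two failures but they are twenty minutes apart, so the sliding window never holds enough of them. That window logic is the part worth noticing: without it, a rule that just counts failures per source would eventually alert on every normal user who mistypes a password a few times over a day.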

This section covered SIEM systems such as ELK and Splunk, which are used in many companies for log aggregation and alerting. 
