SIEM systems take data from different log files, such as those for firewalls, routers, web servers, and intrusion detection systems, and then normalize the data so it can be compared. SIEM systems are highly valuable in helping to spot attacks by sifting through raw log file data and coming up with relevant information.
The normalization process involves processing the logs into a readable and structured format, extracting important data from them, and mapping the information to standard fields in a database.
Answer the following question(s):
- Would a SIEM system be valuable if it did not normalize data? Why or why not?
- Does an organization that uses a SIEM system still need a human analyst? Why or why not?
Fully address the questions in this discussion; provide valid rationale or a citation for your choices; and respond to at least two other students’ views.
0 comments