Explaining SIEM and SOC Services | OXEN Technology

  • Published on Jan 26, 2021
  • Terry Allen, Senior Security Consultant at OXEN Technology, explains SIEM (Security Information & Event Management) and SOC (Security Operations Center) terms. How do they relate to each other, and what do they do?
    This is part of our series on security services such as endpoint protection, virtual SOC, and network security monitoring.
    OXEN TECHNOLOGY ONLINE
    Website: oxen.tech/
    Facebook: / oxentechnology
    LinkedIn: / oxen-technology
    Twitter: / oxentechnology
  • Science & Technology

Comments • 9

  • @SatishKumar-ut4pu 1 year ago

    Thanks Terry, brief, crisp and informative.

  • @mohammedelmeligie719 1 year ago

    I really liked it!
    Useful info with simple illustration ❤️👏

  • @1991Rusher 3 years ago

    Good stuff, thanks Terry for the great explanation!

    • @terryallen3476 2 years ago

      Thanks for the comment and feedback.

  • @whowhatnextoritsuwadaniele6758 2 years ago

    Thanks.....very informative.

  • @hotchocolate4696 10 months ago

    Thank you so much for this video, it was very useful, but you guys must also use some procedures when there is a malicious event. For example, if there is a single malicious event or a thousand, how do you guys tackle this situation?

  • @regishbabu1790 3 years ago

    👌👌👌

  • @regishbabu1790 3 years ago +2

    Suppose you come across this situation, how would you respond as a SOC analyst... the SIEM tool unexpectedly generates around 10,000 or 1,000 alerts in a short span of time. How can we check quickly which of them are false positives and which are TPs, or do we analyze them one at a time?

    • @terryallen3476 2 years ago +5

      Hey Regish. I think this is one of the biggest challenges: trying to collect massive amounts of data and telemetry on everything... while also trying to separate out the things that are actionable alerts. In addition, we have the challenge of correlation... where event X might be innocent, and event Y might be innocent... but if we see events X & Y together, then we have something that is actionable. I am not a SOC analyst... but my growing understanding tells me that it is important to have a great outsourced partnership that is dedicated and focused on managing these aspects of SIEM data collection and SOC analysis of that data pool. Specifically to your question, I think if the trend line of "alerts" changed dramatically, I would start mining that data to understand where the deviation is coming from.
      Thanks for your comment!
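The two ideas in the reply above, mining an alert spike to find where the deviation comes from and correlating two individually innocent events into one actionable finding, as an added Python example. This is not code from the video or from OXEN Technology; the alert lines, rule names, host names, users and hourly baseline counts are all constructed for illustration, and the "one noisy service account" explanation of the spike is an assumed scenario, not a claim about any real environment.

```python
"""Added example: first-pass triage of an unexpected SIEM alert flood.

Two steps a SOC analyst takes before looking at alerts one at a time:
 1. Compare per-rule volume to a baseline and, for any rule that spiked,
    find the host that contributes most of the excess (one noisy source
    usually explains most of a sudden flood).
 2. Run a correlation rule: event X alone is benign, event Y alone is
    benign, but X followed by Y on the same host inside a short window is
    actionable.
All data below is constructed, not real telemetry.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed alerts for one hour, one per line: "ISO timestamp|rule|host|user".
SAMPLE_ALERTS = [
    "2021-01-26T09:00:05|failed_logon|ws-101|alice",
    "2021-01-26T09:01:10|failed_logon|ws-102|bob",
    "2021-01-26T09:02:00|new_local_admin|ws-117|helpdesk",   # X ...
    "2021-01-26T09:03:30|outbound_rdp|ws-117|helpdesk",      # ... then Y, 90 s later
    "2021-01-26T09:04:00|new_local_admin|ws-140|helpdesk",   # X alone
    "2021-01-26T09:40:00|outbound_rdp|ws-140|carol",         # Y 36 min later: outside window
] + [
    # Assumed scenario: a service account with a stale password retrying
    # every 6 seconds for 30 minutes produces 300 failed_logon alerts.
    f"2021-01-26T09:{m:02d}:{s:02d}|failed_logon|svc-backup|svc_backup"
    for m in range(5, 35) for s in range(0, 60, 6)
]

# Constructed hourly baseline: how many alerts per rule are normal.
BASELINE = {"failed_logon": 15, "new_local_admin": 3, "outbound_rdp": 4}


def parse_alerts(lines):
    """Parse 'ts|rule|host|user' lines into dicts with a datetime timestamp."""
    alerts = []
    for line in lines:
        ts, rule, host, user = line.split("|")
        alerts.append({"ts": datetime.fromisoformat(ts), "rule": rule,
                       "host": host, "user": user})
    return alerts


def find_spikes(alerts, baseline, factor=3.0):
    """Rules whose count exceeds factor x baseline, with the dominant host.

    Returns {rule: {"count", "baseline", "top_host", "top_host_share"}}.
    A top_host_share near 1.0 means one source explains the flood and the
    whole batch can be handled as a single incident, not N separate alerts.
    """
    by_rule = defaultdict(list)
    for a in alerts:
        by_rule[a["rule"]].append(a)
    spikes = {}
    for rule, items in by_rule.items():
        expected = baseline.get(rule, 0)
        if len(items) > factor * max(expected, 1):
            host, n = Counter(a["host"] for a in items).most_common(1)[0]
            spikes[rule] = {"count": len(items), "baseline": expected,
                            "top_host": host,
                            "top_host_share": round(n / len(items), 2)}
    return spikes


def correlate(alerts, first_rule, second_rule, window):
    """(host, t_first, t_second) for every X followed by Y within `window`."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    hits = []
    for host, items in by_host.items():
        firsts = [a["ts"] for a in items if a["rule"] == first_rule]
        seconds = [a["ts"] for a in items if a["rule"] == second_rule]
        for t1 in firsts:
            for t2 in seconds:
                if t1 <= t2 <= t1 + window:
                    hits.append((host, t1, t2))
    return sorted(hits)


def triage(lines=SAMPLE_ALERTS, baseline=BASELINE):
    """Run both checks over the sample hour and return (spikes, chains)."""
    alerts = parse_alerts(lines)
    spikes = find_spikes(alerts, baseline)
    chains = correlate(alerts, "new_local_admin", "outbound_rdp",
                       timedelta(minutes=10))
    return spikes, chains


if __name__ == "__main__":
    spikes, chains = triage()
    for rule, info in spikes.items():
        print(f"spike: {rule} {info['count']} vs baseline {info['baseline']}, "
              f"{info['top_host']} = {info['top_host_share']:.0%} of them")
    for host, t1, t2 in chains:
        print(f"actionable: {host} new_local_admin at {t1:%H:%M:%S} "
              f"then outbound_rdp at {t2:%H:%M:%S}")
```

On the constructed data the spike check attributes 302 failed_logon alerts (baseline 15) almost entirely to svc-backup, so the analyst is looking at one misbehaving account rather than 300 tickets, while the correlation check surfaces the one host (ws-117) where a new local admin was followed by outbound RDP inside ten minutes; the same pair on ws-140, 36 minutes apart, stays below the line. In a real SIEM the baseline would come from the previous days' counts for the same hour, and the window and factor would be tuned per rule.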