In this presentation we cover basic knowledge about siem . -What is siem -How It works -Siem Process -Siem capabilities -Some snaps of VARNOIS(Tools that use for getting logs"LOGS aggregation" and then apply some machine algorithms to see about logs that logs are risky OR not). There are a lot of others vendors also who provided the tools for information and event management.like QRADAR is also one of the best tool by IBM.

1. SECURITY INFORMATION
AND EVENT
MANAGEMENT
SIEM

2. WHAT IS SIEM
LOG aggregation
 Centralized all security notifications from various
security technology (Firewalls ,IDs ,IPs ,Antivirus
console ,wireless active points and active
directories).
 It all generate tons of notification every day.
 Siem allows you to centralize all logs in one place
in set of report.
Add a Footer 2

3. HOW IT WORKS
Event management
RULES
• Repeat Attack-Login Source
• Brute force attacks, Password guessing
• Alert on 3 or more failed logins in 1 minute
from a single host.
• Active Directory, Syslog (Unix Hosts,
Switches, Routers, VPN)
3
RULE
GOAL
Trigger
Event

4. HOW IT WORKS
N o t i f i c a t i o n
 Simply logged
 Written in report to be viewed later
 Immediate Attention
4
I n c i d e n t
 Sent by email / api
 How they can solve it

5. 5

6. 6

7. 7
Threats / Alerts

8. 8

9. 9

10. THANK YOU
10