SOC Experts Community - Beta
0 like 0 dislike
69 views
in SIEM by (1.2k points)

3 Answers

0 like 0 dislike
by (5k points)
It depends on the company's requirements. Some sources mostly include firewall, proxy, etc.
1 like 0 dislike
by (250 points)
ODBC, WINDOWS, SYSLOG, SOLARIS, SNMP, CHECKPOINT, NETFLOW, VMWARE
1 like 0 dislike
by (810 points)

Below are some log sources which we can use in SIEM.

Security Events:

  1. IDS & IPS
  2. Endpoint Security (Antivirus, antimalware)
  3. Data Loss Prevention (DLP)
  4. VPN Concentrators
  5. Web Filters

Network Logs:

  1. Firewalls
  2. Routers
  3. Switches
  4. DNS Servers
  5. Wireless Access Points
  6. WAN
  7. Data Transfers

Applications and Devices:

  1. Application Servers
  2. Databases
  3. Intranet Applications
  4. Web Applications
  5. SaaS Applications
  6. Cloud-Hosted Servers
  7. End-User Laptops or Desktops
