From the course: Network Forensics


Splunk


- [Instructor] Security information and event management, or SIEM, systems like Splunk collect and analyze network forensics data generated by many sources, including intrusion detection systems (IDSes), intrusion prevention systems (IPSes), and vulnerability management systems. SIEM focuses on monitoring, logging, and analyzing network security events in real time. The ultimate goal of SIEM is to alert human operators when suspicious or anomalous activities are detected. The main difference between SIEM and systems such as IDS, IPS, and vulnerability management systems is that SIEM is much more capable of managing network security data and tracing network events in scope and capacity. SIEM also provides a much more comprehensive and holistic view of your network beyond specific intrusion attempts or known vulnerabilities by leveraging IDS, IPS, and vulnerability management system data and correlating them. Due to the recent advances in data science, SIEM systems are starting to…
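As an added illustration (not part of the course and not Splunk's own code), here is the cross-source correlation the instructor describes in Python: IDS alerts are joined against vulnerability-scanner findings so an exploit attempt against a host with that exact confirmed weakness is raised to the operator, and a single source sweeping several hosts is flagged as well. All hosts, rule names and CVE identifiers are constructed placeholders.

```python
# Added example (not from the course): SIEM-style correlation of IDS alerts with
# vulnerability-scan findings. Hosts, rule names and CVE ids are placeholders.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple
@dataclass
class IdsAlert:
    ts: datetime
    src_ip: str
    dst_ip: str
    signature: str        # IDS rule name (placeholder)
    cve: Optional[str]    # CVE the rule detects, if the rule is CVE-specific
@dataclass
class VulnFinding:
    host_ip: str
    cve: str
    severity: str         # scanner severity: low / medium / high / critical
T0 = datetime(2024, 1, 1, 12, 0, 0)
IDS_ALERTS = [  # constructed sample alerts from one IDS sensor
    IdsAlert(T0, "203.0.113.7", "10.0.0.5", "EXPLOIT placeholder web RCE", "CVE-0000-0001"),
    IdsAlert(T0 + timedelta(minutes=1), "203.0.113.7", "10.0.0.6", "SCAN placeholder probe", None),
    IdsAlert(T0 + timedelta(minutes=2), "203.0.113.7", "10.0.0.7", "SCAN placeholder probe", None),
    IdsAlert(T0 + timedelta(minutes=3), "203.0.113.7", "10.0.0.8", "SCAN placeholder probe", None),
    IdsAlert(T0 + timedelta(minutes=4), "198.51.100.9", "10.0.0.5", "EXPLOIT placeholder other", "CVE-0000-0002"),
]
VULN_FINDINGS = [  # constructed sample findings from a vulnerability scanner
    VulnFinding("10.0.0.5", "CVE-0000-0001", "critical"),
    VulnFinding("10.0.0.6", "CVE-0000-0002", "medium"),
]
def correlate(alerts: List[IdsAlert], findings: List[VulnFinding],
              window: timedelta = timedelta(minutes=10), threshold: int = 3) -> List[Tuple[str, str, IdsAlert]]:
    """Return (priority, reason, alert) triples worth showing a human operator."""
    confirmed = {(f.host_ip, f.cve): f for f in findings}   # (host, CVE) -> finding
    recent_by_src = {}   # src_ip -> that source's alerts inside the sliding window
    out = []
    for a in sorted(alerts, key=lambda x: x.ts):
        # Rule 1: the IDS signature matches a vulnerability the scanner confirmed on the target host.
        f = confirmed.get((a.dst_ip, a.cve))
        if f is not None:
            prio = "high" if f.severity in ("high", "critical") else "medium"
            out.append((prio, f"{a.signature} targets confirmed {a.cve} on {a.dst_ip}", a))
        # Rule 2: one source touching `threshold` distinct hosts in the window; fire once, when reached.
        hist = [h for h in recent_by_src.get(a.src_ip, []) if a.ts - h.ts <= window]
        hist.append(a)
        recent_by_src[a.src_ip] = hist
        if len({h.dst_ip for h in hist}) == threshold:
            out.append(("medium", f"{a.src_ip} contacted {threshold} hosts within {window}", a))
    return out
```

Rule 1 is what lets a SIEM rank an IDS hit above plain signature noise: the same alert against a host the scanner shows is not vulnerable produces nothing here.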
