A SIEM (security information and event management) system collects log data from many different sources, such as firewalls, routers, web servers, and intrusion detection systems, and normalizes it so that events from different products can be compared and correlated. This is what makes a SIEM valuable for spotting attacks: it sifts through large volumes of raw log data and surfaces the events that matter.
Normalization means parsing each log line into a readable, structured record, extracting the important fields from it (for example the timestamp, source and destination addresses, and the action taken), and mapping those fields onto standard field names in the SIEM's database, so that a source address logged by a firewall and one logged by a web server end up in the same field and can be matched against each other.
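To make the normalization step concrete, here is a small Python normalizer written for this page as an added example; it is not code from the original assignment or from any SIEM product. It parses three constructed log formats (an iptables-style syslog line, an Apache combined log line and a Suricata fast.log-style alert; the sample lines, addresses and the IDS rule id are made up) into one common schema and then correlates across sources by source IP. The year assumed for the syslog timestamps (`LOG_YEAR`) and the UTC zone for the syslog and IDS lines are assumptions, since those formats do not record them.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in the style of iptables syslog, Apache combined
# log and Suricata fast.log (not real captures). Addresses come from the
# documentation ranges; the IDS rule id and message are made up.
RAW_LOGS = [
    ("firewall", "Mar 12 10:14:05 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 "
                 "DST=198.51.100.10 PROTO=TCP SPT=44310 DPT=22"),
    ("firewall", "Mar 12 10:14:06 fw01 kernel: ACCEPT IN=eth0 OUT= SRC=203.0.113.7 "
                 "DST=198.51.100.10 PROTO=TCP SPT=44311 DPT=80"),
    ("webserver", '203.0.113.7 - - [12/Mar/2024:10:14:09 +0000] '
                  '"GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/8.4.0"'),
    ("webserver", '198.51.100.25 - - [12/Mar/2024:10:15:01 +0000] '
                  '"GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'),
    ("ids", "03/12/2024-10:14:11.000000  [**] [1:1000001:1] EXAMPLE web login "
            "brute-force attempt [**] [Priority: 1] {TCP} 203.0.113.7:44311 -> 198.51.100.10:80"),
    ("firewall", "Mar 12 10:14:12 fw01 kernel: <truncated by collector>"),
]

LOG_YEAR = 2024  # assumption: syslog timestamps carry no year

FIREWALL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: (?P<action>[A-Z]+) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dport>\d+)")
WEB_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
IDS_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4}-\d\d:\d\d:\d\d)\.\d+ +\[\*\*\] \[[\d:]+\] (?P<msg>.+?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")


def _to_utc(source, raw_ts):
    """Each source writes time differently; the schema stores one UTC datetime."""
    if source == "firewall":
        # syslog: no year, no zone. Assume LOG_YEAR and UTC (a real collector
        # should stamp the year and zone at ingest time).
        return datetime.strptime(f"{LOG_YEAR} {raw_ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    if source == "webserver":
        return datetime.strptime(raw_ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    if source == "ids":
        return datetime.strptime(raw_ts, "%m/%d/%Y-%H:%M:%S").replace(tzinfo=timezone.utc)
    raise ValueError(f"unknown source {source}")


def normalize(source, line):
    """Map one raw line onto the common schema; None if it does not parse."""
    if source == "firewall":
        m = FIREWALL_RE.match(line)
        if not m:
            return None
        return {"ts": _to_utc(source, m["ts"]), "source": source, "src_ip": m["src"],
                "dst_ip": m["dst"], "dst_port": int(m["dport"]),
                "event": "firewall." + m["action"].lower(), "raw": line}
    if source == "webserver":
        m = WEB_RE.match(line)
        if not m:
            return None
        return {"ts": _to_utc(source, m["ts"]), "source": source, "src_ip": m["src"],
                "dst_ip": None, "dst_port": None,
                "event": f"http.{m['method'].lower()}.{m['status']}", "raw": line}
    if source == "ids":
        m = IDS_RE.match(line)
        if not m:
            return None
        return {"ts": _to_utc(source, m["ts"]), "source": source, "src_ip": m["src"],
                "dst_ip": m["dst"], "dst_port": int(m["dport"]),
                "event": "ids.alert:" + m["msg"], "raw": line}
    return None


def normalize_all(raw_logs):
    """Return (events sorted by time, lines that could not be parsed).

    Rejected lines are kept rather than silently dropped: unparsed data is a
    blind spot the analyst needs to know about.
    """
    events, rejected = [], []
    for source, line in raw_logs:
        ev = normalize(source, line)
        if ev is None:
            rejected.append((source, line))
        else:
            events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events, rejected


def correlate(events, min_sources=2, window_seconds=300):
    """Flag source IPs seen by at least min_sources distinct log sources inside the window.

    This comparison only works because every event now carries the same
    src_ip and ts fields, whatever format it arrived in.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["src_ip"]].append(ev)
    hits = {}
    for ip, evs in by_ip.items():
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        sources = sorted({e["source"] for e in evs})
        if len(sources) >= min_sources and span <= window_seconds:
            hits[ip] = sources
    return hits


if __name__ == "__main__":
    events, rejected = normalize_all(RAW_LOGS)
    for ev in events:
        print(ev["ts"].isoformat(), ev["source"], ev["src_ip"], ev["event"])
    print("unparsed:", rejected)
    print("correlated:", correlate(events))
```

Running it shows the point of normalization directly: the same source address appears in three unrelated formats, and only after mapping to a common `src_ip` and UTC `ts` can the firewall denial, the web server 404 and the IDS alert be tied together in one time window. The truncated line that fails to parse is reported rather than discarded, which is the kind of gap a human analyst still has to review.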
Answer the following question(s):
1. Would a SIEM system be valuable if it did not normalize data? Why or why not?
2. Does an organization that uses a SIEM system still need a human analyst? Why or why not?
Requirement: post your initial response by 11:59 PM on Thursday, and post two additional replies during the week by 11:59 PM on Sunday. The initial post should be 200 to 300 words; replies to fellow students should be 100 to 150 words. Please cite per APA rules and guidelines.
Make sure your responses do not duplicate the reactions of other students. Scan the answers provided by other students and post your comments or questions about their items in the discussion area.
Use the following checklist to support your work on the assignment:
I have engaged in a discussion of the assigned topics with at least two of my peers.
I have raised questions and solicited peer and instructor input on the topics discussed.
I have articulated my position clearly and logically.
I have supported my argument with data and factual information.
I have provided relevant citations and references to support my position on the issue discussed.
I have compared and contrasted my position with the perspectives offered by my peers and highlighted the critical similarities and differences.
I have solicited peer and instructor feedback on my arguments and propositions.
I have offered a substantive and critical evaluation of a peer's perspective on the issues that is opposite to mine, and supported my critical review with data and information.
I have followed the submission requirements.