SIEM 101
LetsDefend
What is the best method for those who do not want to manage an agent software?
A) agentless
Which product’s agent software is called “Universal Forwarder”?
A) Splunk
Which one is not a function of a log aggregator?
A) Analysis
What is the EPS of a SIEM system that receives 150,000 logs per minute?
A) 2500
Is updating data (changing values, deleting values, etc.) very important for SIEM data storage?
A) N
Which one is the most important for SIEM storage?
A) Speed
There are two IP addresses that are definitely malicious. Which method should be used to create an alert when these IP addresses are accessed?
A) Blacklist
“The whitelist method is not only very effective but also very easy to manage.” Is that true or false?
A) false