Log management is the process of capturing, storing and making sense of the event data produced by an information system. In the context of a SIEM, log management is what lets you investigate suspicious activity and limit the damage of a breach: logs record the events, activities and errors that occur within your systems, which makes them essential for security monitoring, incident response and compliance. Identifying and investigating security incidents depends on having the relevant logs available when you need them. Centralized logging also improves security by giving you a single, holistic view of your network, systems and applications, and by keeping a copy of the evidence off the host where an attacker could otherwise tamper with it; the same view makes it easier for system administrators to troubleshoot operational issues.

Log management can be broken down into six core components: collection, monitoring, analysis, retention, indexing/searching and reporting. Collection is the gathering of log data from the operating system, services and applications being monitored, normally shipped to a central store. Monitoring tracks events and activities as they happen, in real time. Analysis examines the collected logs as a whole, correlating across sources rather than reading one line at a time, to identify security threats and other issues. Retention is the policy that decides how long log data is kept, balancing investigation and compliance needs against storage cost. Indexing and searching make it possible to find specific events quickly by querying fields such as host, user or source address instead of scanning raw files. Lastly, we have reporting, which is a
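The following is an added example, not code from the original page: a miniature log-management pipeline that walks through the six components named above over a handful of constructed syslog-style sshd lines. The line format, hostnames, user names, the documentation-range IP addresses, the 30-day retention window, the fixed "current time" and the five-failures-in-one-minute detection threshold are all illustrative assumptions, not values taken from the page.

```python
"""Toy log-management pipeline: collection -> retention -> index/search -> analysis -> reporting.
Added example, not part of the original page. All sample data below is constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input: syslog-style sshd auth lines (assumed RFC 3339 timestamps).
RAW_LOGS = """\
2024-05-01T10:00:01Z web01 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-05-01T10:00:03Z web01 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
2024-05-01T10:00:05Z web01 sshd[2001]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-05-01T10:00:06Z web01 sshd[2001]: Failed password for root from 203.0.113.7 port 51025 ssh2
2024-05-01T10:00:08Z web01 sshd[2001]: Failed password for root from 203.0.113.7 port 51026 ssh2
2024-05-01T10:00:09Z web01 sshd[2001]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2
2024-05-01T10:00:10Z web01 sshd[2001]: Accepted password for root from 203.0.113.7 port 51027 ssh2
2024-03-01T09:00:00Z db01 sshd[1000]: Accepted publickey for deploy from 198.51.100.4 port 40001 ssh2
"""
# Constructed "now" so the retention step is deterministic.
EXAMPLE_NOW = datetime(2024, 5, 2, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)

def collect(raw):
    """Collection: parse raw lines into structured events. Unparseable lines are counted, not dropped silently."""
    events, skipped = [], 0
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events, skipped

def retain(events, now, days=30):
    """Retention: keep only events inside the retention window."""
    cutoff = now - timedelta(days=days)
    return [e for e in events if e["ts"] >= cutoff]

def build_index(events):
    """Index: inverted index from (field, value) to event positions for the fields analysts query most."""
    index = defaultdict(list)
    for i, e in enumerate(events):
        for field in ("host", "user", "src", "outcome"):
            index[(field, e[field])].append(i)
    return index

def search(events, index, **criteria):
    """Search: intersect posting lists, e.g. search(events, idx, src="203.0.113.7", outcome="Failed")."""
    hits = None
    for field, value in criteria.items():
        posting = set(index.get((field, value), []))
        hits = posting if hits is None else hits & posting
    return [events[i] for i in sorted(hits or [])]

def analyze(events, threshold=5, window=timedelta(minutes=1)):
    """Analysis/monitoring: process events in time order like a streaming monitor. Alert when one source
    reaches `threshold` failed logins inside `window`, and again if that source then logs in successfully."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    for e in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
        failures[e["src"]] = recent
        if e["outcome"] == "Failed":
            recent.append(e["ts"])
            if len(recent) == threshold:  # fires once per threshold crossing
                alerts.append({"type": "brute_force", "src": e["src"], "host": e["host"], "ts": e["ts"]})
        elif recent:  # success right after a burst of failures: likely compromise
            alerts.append({"type": "success_after_failures", "src": e["src"], "user": e["user"],
                           "host": e["host"], "ts": e["ts"]})
    return alerts

def report(events, alerts, skipped):
    """Reporting: a summary a human or a ticketing system can consume."""
    return {
        "events": len(events),
        "skipped_lines": skipped,
        "failed_by_src": dict(Counter(e["src"] for e in events if e["outcome"] == "Failed")),
        "alerts": [f"{a['type']} src={a['src']} host={a['host']}" for a in alerts],
    }

def run_pipeline(raw, now, retention_days=30):
    events, skipped = collect(raw)
    events = retain(events, now, retention_days)
    index = build_index(events)
    alerts = analyze(events)
    return {"events": events, "index": index, "alerts": alerts, "report": report(events, alerts, skipped)}

if __name__ == "__main__":
    result = run_pipeline(RAW_LOGS, EXAMPLE_NOW)
    print(result["report"])
    for hit in search(result["events"], result["index"], src="203.0.113.7", outcome="Accepted"):
        print("successful login from attacking source:", hit["user"], hit["ts"].isoformat())
```

Running it drops the out-of-window db01 event, raises a brute-force alert on the fifth failure from 203.0.113.7 and a second alert when the same source then authenticates as root, and the search over the index returns that single successful login so an analyst can pivot straight from the alert to the evidence. In a real deployment each stage is a separate system (shipper, SIEM, cold storage), but the responsibilities are the same.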