Each day, a security analyst spends time examining logs and events from different systems and applications to quickly detect security threats. What function of the Security Information Event Management (SIEM) technology does this action represent?

  • aggregation
  • correlation
  • retention
  • forensic analysis

Explanation: The four essential functions of SIEM are:

  • Forensic analysis - Searches logs and event records from sources throughout the organization for information for forensic analysis.
  • Correlation - Examines logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
  • Aggregation - Reduces the volume of event data by consolidating duplicate event records.
  • Retention - Reporting presents the correlated and aggregated event data in real-time monitoring and long-term summaries.

Exam with this question: Module 22: Quiz – Network Security Testing Network Security
