{"id":381,"date":"2020-02-11T10:42:16","date_gmt":"2020-02-11T10:42:16","guid":{"rendered":"https:\/\/www.samarthya.me\/wps\/?p=381"},"modified":"2020-02-11T10:42:16","modified_gmt":"2020-02-11T10:42:16","slug":"siem-security-information-and-event-management","status":"publish","type":"post","link":"https:\/\/blog.samarthya.me\/wps\/2020\/02\/11\/siem-security-information-and-event-management\/","title":{"rendered":"SIEM: Security Information and Event Management."},"content":{"rendered":"\n<p>Data is key to any analytics, and if it can be <strong>organized<\/strong>, <strong>normalized<\/strong> and made available for correlated analysis, the results will be more concise. <strong>Elastic.co<\/strong> has a SIEM UI and the X-Pack security pack that helps new-age security analysts.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Elastic SIEM is built on top of the Elastic Stack<\/p><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">ECS: Elastic Common Schema<\/h2>\n\n\n\n<p>The key aspect is the normalization of data from disparate sources into one common schema called ECS &#8211; the Elastic Common Schema.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It is an <a href=\"https:\/\/github.com\/elastic\/ecs\/\">open source<\/a> specification<\/li><li>Defines a common set of fields for recording events (from logs &amp; metrics)<ul><li>Defines the field name &amp; data type for each field<\/li><\/ul><\/li><li>Open for extension (permissive schema)<\/li><\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>The goal of ECS is to enable and encourage users of Elasticsearch to normalize their event data, so that they can better analyze, visualize, and correlate the data represented in their events. 
<\/p><cite>elastic.co<\/cite><\/blockquote>\n\n\n\n<p>More details on the guidelines can be found <a href=\"https:\/\/www.elastic.co\/guide\/en\/ecs\/current\/ecs-guidelines.html\">here<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"https:\/\/www.samarthya.me\/wps\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-11-at-12.57.13-PM-1024x580.png\" alt=\"\" class=\"wp-image-386\" srcset=\"https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-11-at-12.57.13-PM-1024x580.png 1024w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-11-at-12.57.13-PM-300x170.png 300w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-11-at-12.57.13-PM-768x435.png 768w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-11-at-12.57.13-PM-1536x870.png 1536w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-11-at-12.57.13-PM-2048x1161.png 2048w, https:\/\/blog.samarthya.me\/wps\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-11-at-12.57.13-PM-850x482.png 850w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Kibana: SIEM UI<\/figcaption><\/figure><\/div>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Elastic Endpoint Security is the latest acquisition that furthers the security aspect in Elastic.<\/p><\/blockquote>\n\n\n\n<p>Some helpful links below:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.elastic.co\/guide\/en\/ecs\/current\/ecs-field-reference.html\">https:\/\/www.elastic.co\/guide\/en\/ecs\/current\/ecs-field-reference.html<\/a><\/li><li><a href=\"https:\/\/www.elastic.co\/endpoint-security\">https:\/\/www.elastic.co\/endpoint-security<\/a><\/li><\/ul>\n\n\n\n<p>Please note that SIEM is available on the trial license, 
Platinum and Elastic cloud versions only.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">&#8230; to be continued.<\/h4>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data is key to any analytics, and if it can be organized, normalized and made available for correlated analysis, the results will be more concise. Elastic.co has a SIEM UI and the XPack security pack that helps the new age security analysts. Elastic SIEM is built on top of Elastic stack ECS : Elastic common [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":383,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[34],"tags":[32,33],"class_list":["post-381","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical","tag-elastic","tag-siem"],"_links":{"self":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts\/381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/comments?post=381"}],"version-history":[{"count":0,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts\/381\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/media\/383"}],"wp:attachment":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/media?parent=381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/categories?post=381"},{"taxonomy":"post_tag","embeddable
":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/tags?post=381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}