Security Information and Event Management (SIEM) is a technology that provides
real-time reporting and long-term analysis of security events. Two SIEM platforms used by
organizations are Splunk and Security Onion with ELK.

6. Which Windows host log event type describes the successful operation of an application, driver, or

NetFlow does not capture the entire contents of a packet. Instead, NetFlow collects
metadata, or data about the flow, not the flow data itself. NetFlow information can be viewed
with tools such as nfdump and FlowViewer.

12. Which type of data is used by Cisco Cognitive Intelligence to find malicious activity that has
bypassed security controls, or entered through unmonitored channels, and is operating inside an

Cisco Cognitive Intelligence applies statistical analysis to statistical data in order
to find malicious activity that has bypassed security controls, or entered through unmonitored
channels (including removable media), and is operating inside an organization's network.