Why taxonomy is critical
Download as DOCX, PDF0 likes120 views
The document discusses the importance of taxonomy in security information and event management (SIEM) systems, particularly highlighting how surelog utilizes extensive taxonomies for effective log analysis and event correlation. Normalizing data from various sources into a unified taxonomy reduces complexity and enhances the ability to generate reports and dashboards. Surelog's taxonomy capabilities are robust, featuring thousands of predefined categories that improve pattern recognition and streamline cybersecurity operations.
Why taxonomy is critical
- 1. Why is taxonomy important? And Extensive SureLog SIEM Taxonomy Features How come SureLog detects things like a failed login from all brands and types of devices. The answer is in the taxonomy it uses. A taxonomy aids in pattern recognition and also improves the scope and stability of correlation rules. When events from heterogeneous sources are normalized they can be analyzed by a smaller number of correlation rules, which reduces deployment and support labor. In addition, normalized events are easier to work with when developing reports and dashboards Using normalized events and taxonomy categories is highly recommended in correlation because they make the rule easier to modify, maintain and apply to additional log sources. With the ability to translates all log types into a single taxonomy, Sureog provides immediate time-to-value in the application of SIEM, meaning customers are empowered to build, manage and effectively transform their businesses through a unified cybersecurity solution Taxonomy or event categorization is common in SIEM solution. The question is how strong, deep and powerful is your SIEM taxonomy capability? Almost all SIEM solutions have taxonomies for Successful Login Failed Login UserLogoff File Access Firewall Drop Firewall Accept ProcessStart ProcessStop SystemReboot SystemScanStart SystemScanStop SystemShutdown WebAccess Session Start Session Stop User Created User Deleted DeleteGroup DeleteDomainMember Password changed Account Modified Account Expired Attack Malicious VPN connected VPN Disconnected
- 2. But SureLog has thousands of more taxonomies like : MailServiceAccess MailServiceDenial MailSpamDenial ICMP CODE Destination Network Unknown UnusualICMPTraffic->ICMP Echo Reply UnusualICMPTraffic->ICMP Unassigned UnusualICMPTraffic->ICMP Host Unreachable UnusualICMPTraffic->ICMP Source Quench UnusualICMPTraffic->ICMP Redirect UnusualICMPTraffic->ICMP Alternate Host Address UnusualICMPTraffic->ICMP Echo Request UnusualICMPTraffic->ICMP Router Advertisement UnusualICMPTraffic->ICMP Router Selection UnusualICMPTraffic->ICMP Time Exceeded UnusualICMPTraffic->ICMP Parameter Problem MachineAuthTicket MachineLogoff MachineLogon ICMP CODE Alternate Address for Host Multicast Router Advertisement ICMP CODE Destination Unreachable for Service ICMP CODE Destination is Administratively Prohibited WebTrafficAudit->Adware VirusTrafficAccess->Web Content VirusTrafficAccess->Adware FileTransferTrafficAudit->Adware NamingTrafficAudit->Zone Transfer UnusualUDPTraffic->ICMP IPv6 Where-are-you UnusualUDPTraffic UnusualTCPTraffic ApplicationTrafficAudit->Access Denied WebTrafficAudit->Header Malformed PingOfDeathDenial LandAttackDenial LinkControlAccess LinkControlDenial LinkControlTrafficAudit MachineAuthAudit MachineLogonFailure MachineModifyAttribute MachineModifyPrivileges SureLog has more than 1000 taxonomies.