ArcSight interview questions

Q1. What is SIEM?

Ans-SIEM stands for Security Information and Event Management: a platform that collects logs and events from many sources, normalizes them into a common format and correlates them so that security incidents can be detected and investigated from one place.

A security event is a change in the everyday operations of a network or information technology service indicating that a security policy may have been violated or a security safeguard may have failed.

Q2. Describe a SIEM deployment.

Ans-Logs are collected by a connector from the log sources, which can be network devices (firewalls, routers, proxies), servers, endpoints and so on. The connector parses and normalizes the events, filters out what is not needed, and then forwards the events to the Manager, where they are stored and correlated.

Q3. What is the Manager in ArcSight?

Ans-The Manager is the heart of the SIEM (here ArcSight ESM), where the main processing takes place. It receives the normalized events from the connectors, stores them, and runs the correlation rules and other event processing over them.

Q4. What is the function of an ArcSight connector?

Ans-An ArcSight SmartConnector receives logs from the log source, normalizes the events and filters them. After collecting event data from network nodes, connectors normalize the data in two ways: normalizing values (such as severity, priority and time zone) into a common format, and normalizing the data structure into a common schema. SmartConnectors can then filter and aggregate events to reduce the volume of events sent to the Manager, which increases ESM's efficiency and accuracy and reduces event processing time. Because filtering and aggregation happen before the Manager ever sees the data, a connector filter that is too aggressive silently removes events that correlation rules will never get a chance to match, so connector filters should be reviewed together with the detection content that depends on them.
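To make the pipeline from Q2 and Q4 concrete, here is an added example (written for this page; it is not ArcSight code and does not use any ArcSight API) of a toy connector in Python. It takes two constructed log formats, a firewall syslog line with local-time timestamps and word priorities, and an endpoint agent line with epoch-millisecond timestamps and a 1-5 level, normalizes the values (timestamps to UTC, severities onto a 0-10 scale) and the structure (one common field set), filters low-severity noise, aggregates repeated events within a time window, and renders the result as CEF lines of the kind a connector would forward to the Manager. The vendor and product names, the regexes and the severity mappings are assumptions made up for the example.

```python
"""Toy SmartConnector-style pipeline: collect -> normalize -> filter -> aggregate -> forward.

Constructed example for illustration; not ArcSight's own code.
"""
import re
from datetime import datetime, timezone

# Constructed sample input (two made-up log sources with different formats).
FIREWALL_LINES = [
    "2024-05-01 10:00:01 +0200 fw1 kernel: DROP src=10.0.0.5 dst=8.8.8.8 proto=TCP dpt=23 prio=high",
    "2024-05-01 10:00:02 +0200 fw1 kernel: DROP src=10.0.0.5 dst=8.8.8.8 proto=TCP dpt=23 prio=high",
    "2024-05-01 10:00:03 +0200 fw1 kernel: ACCEPT src=10.0.0.7 dst=10.0.0.1 proto=UDP dpt=53 prio=info",
]
ENDPOINT_LINES = [
    'ts=1714550405000 host=ws42 level=4 event="failed login" user=alice src=10.0.0.9',
    'ts=1714550406000 host=ws42 level=1 event="service heartbeat" user=- src=10.0.0.9',
]

# Assumed parsing rules for the two formats (an ArcSight connector ships real parsers).
FW_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (?P<host>\S+) kernel: "
    r"(?P<action>DROP|ACCEPT) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) "
    r"dpt=(?P<dpt>\d+) prio=(?P<prio>\S+)"
)
FW_PRIO = {"info": 2, "low": 3, "medium": 5, "high": 8, "critical": 10}  # assumed word -> 0-10 map
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_firewall(line):
    """Normalize a firewall line into the common schema, or None if it does not parse."""
    m = FW_RE.match(line)
    if not m:
        return None
    # Value normalization: local time with offset -> UTC, priority word -> 0-10 severity.
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S %z").astimezone(timezone.utc)
    return {
        "ts": ts, "device": m["host"], "vendor": "ExampleFW", "product": "fw",
        "sig": m["action"].lower(), "name": f"packet {m['action'].lower()}",
        "severity": FW_PRIO.get(m["prio"].lower(), 5),
        "src": m["src"], "dst": m["dst"], "dpt": int(m["dpt"]), "proto": m["proto"], "user": None,
    }


def parse_endpoint(line):
    """Normalize an endpoint key=value line into the same common schema."""
    kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    try:
        ts = datetime.fromtimestamp(int(kv["ts"]) / 1000, tz=timezone.utc)
        level = int(kv.get("level", 3))
    except (KeyError, ValueError):
        return None
    return {
        "ts": ts, "device": kv.get("host", "unknown"), "vendor": "ExampleEDR", "product": "agent",
        "sig": kv.get("event", "unknown").replace(" ", "_"), "name": kv.get("event", "unknown"),
        "severity": min(10, max(0, level * 2)),  # 1-5 agent level onto the 0-10 scale
        "src": kv.get("src"), "dst": None, "dpt": None, "proto": None,
        "user": None if kv.get("user") in (None, "-") else kv["user"],
    }


def to_cef(ev):
    """Render a normalized event as a CEF line (header fields escape | and \\, extension escapes = and \\)."""
    def hdr(s):
        return str(s).replace("\\", "\\\\").replace("|", "\\|")

    def ext(s):
        return str(s).replace("\\", "\\\\").replace("=", "\\=")

    fields = {"rt": int(ev["ts"].timestamp() * 1000), "dvchost": ev["device"], "src": ev["src"],
              "dst": ev["dst"], "dpt": ev["dpt"], "proto": ev["proto"], "suser": ev["user"],
              "cnt": ev.get("count", 1)}
    extension = " ".join(f"{k}={ext(v)}" for k, v in fields.items() if v is not None)
    return (f"CEF:0|{hdr(ev['vendor'])}|{hdr(ev['product'])}|1.0|{hdr(ev['sig'])}|"
            f"{hdr(ev['name'])}|{ev['severity']}|{extension}")


def run_connector(firewall_lines, endpoint_lines, min_severity=3, window_s=60):
    """Collect, normalize, filter and aggregate; return the CEF lines that would go to the Manager."""
    events = [e for e in map(parse_firewall, firewall_lines) if e]
    events += [e for e in map(parse_endpoint, endpoint_lines) if e]
    events.sort(key=lambda e: e["ts"])
    # Filter: drop noise below the severity threshold before it costs Manager resources.
    kept = [e for e in events if e["severity"] >= min_severity]
    # Aggregate: identical (device, signature, src, dst, dpt) within the window become one event with a count.
    buckets, out = {}, []
    for e in kept:
        key = (e["device"], e["sig"], e["src"], e["dst"], e["dpt"])
        b = buckets.get(key)
        if b and (e["ts"] - b["ts"]).total_seconds() <= window_s:
            b["count"] += 1
        else:
            e["count"] = 1
            buckets[key] = e
            out.append(e)
    return [to_cef(e) for e in out]


if __name__ == "__main__":
    for cef_line in run_connector(FIREWALL_LINES, ENDPOINT_LINES):
        print(cef_line)
```

Running it forwards two events out of five inputs: the two identical DROPs collapse into one CEF line with cnt=2, the failed login passes through, and the ACCEPT and heartbeat lines are filtered out because they normalize below the severity threshold. Note that the filtered lines never reach the Manager, which is exactly the trade-off discussed above: the threshold and window are detection decisions, not just performance tuning.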
