Q1. What is SIEM?
Ans-Security Information and Event Management. A SIEM collects log and event data from many sources (network devices, servers, endpoints, applications), normalizes it into a common format and correlates it so that possible incidents can be detected, investigated and reported on.
A security event is a change in the everyday operations of a network or IT service that indicates a security policy may have been violated or a security safeguard may have failed.
Q2. SIEM deployment.
Ans-Logs are collected by a connector. The log source could be a network device, an endpoint, a server, etc. The connector normalizes the events, filters (and optionally aggregates) them and then forwards them to the Manager.
Q3. What is the Manager in ArcSight?
Ans-The Manager is the heart of the SIEM (here ArcSight ESM), where all the main processing takes place. It receives the normalized events from the connectors, correlates them against rules and processes them for storage, alerting and reporting.
Q4. Function of an ArcSight connector?
Ans-An ArcSight SmartConnector receives raw logs from the log source, normalizes the events and filters them. After collecting event data from network nodes, connectors normalize the data in two ways: normalizing values (such as severity, priority and time zone) into a common format, and normalizing the data structure into a common schema. SmartConnectors can then filter and aggregate events to reduce the volume of events sent to the Manager, which increases ESM's efficiency and accuracy and reduces event processing time.