Saturday, January 18, 2020
Lab
The main function demonstrated by Spunk where the ability to quickly analyze data and show correlations in the data. This builds more secure operations, because data can be compiled and analyzed in minutes instead of hours and days. Thus any necessary action by operations personnel and security personnel can take place in a reasonable amount of time. Spunk also can monitor server events and report alerts as needed to alert personnel to ongoing or current issues. 3.What types of ââ¬Å"Data Inputsâ⬠are available in Spunk and most other log management tools? Spunk can receive data inputs from event log collection, remote event log collections, files and directories, local performance monitoring, remote performance monitoring TCP, UDP, Registry monitoring active directory monitoring, and scripts. 4. What types of ââ¬Å"Alert Conditionsâ⬠are available in Spunk and most other log management tools? A. A Basic Conditional Alert is a trigger that is set off when a certain number Of alerts that have been scheduled is surpassed. . An Advanced Conditional Alert is a trigger that is set off when a secondary alert is met in addition to the primary scheduled alert. 5. What types of ââ¬Å"Alert Actionsâ⬠are available in Spunk and most other log management tools? Basic alerting, Advanced alerts and confining options, Real-time alerting and throttling, and Alert Manager 6. What is the search string for the ââ¬Å"windows-fletching- failureâ⬠pre-configured Search? 7. What is the search string for the performance_snapshot automated Job which comes pre-configured? . Provide at least five (5) examples of security or operations related Windows Management Reports and Searches that are pre-configured and available within Spunk 9. What Chart Types are available for a search or report within Spunk? There are column, line, area, bar, pie, scatter, radial gauge, filler gauge, and marker gauge. 10. What Scheduled Search did you configure to Alert and/or Report wit hin Spunk to help your AOL of Implementing Security Operations Management Best Practices?Explain the reasoning behind scheduling this particular alert. I would schedule the prefigured search, errors in the last hour, to run every hour. This would allow me to see any errors that are relatively new that I could look into quickly. Ideally alerts in real time would be better, but if just choosing one to run while another search is developed this would be good.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.