Security+ SY0-601: 4.3: Appropriate Data Sources for Investigation

Chapter 28: Appropriate Data Sources for Investigation

Vulnerability Scan Output

SIEM Dashboards

Sensor

Sensitivity

Trends

Alerts

Correlation

SIEM: Security Information and Event Management (not "Incident": the product class collects log data from many sources and correlates events across them)

Aggregation

Correlation

Automated Alerts and Triggers

Time synchronization

Deduplication

Log analysis

Log files

Network

System

Application

Security

Web

DNS

Authentication

Dump files

VoIP and call managers

Session Initiation Protocol (SIP) traffic

syslog/rsyslog/syslog-ng

Still the workhorse of logging. syslog is the protocol (the legacy BSD format in RFC 3164, the current one in RFC 5424); rsyslog and syslog-ng are the daemons that implement it on most Linux/Unix boxes. Unix, Linux, macOS and practically every network device (routers, switches, firewalls) speak it natively; Windows does not, so Event Log entries have to be forwarded by an agent. Two caveats for anyone actually building the pipeline: plain syslog on UDP/514 is lossy and unencrypted, so ship to the central collector over TCP with TLS (RFC 5425), and keep every source on NTP, because timestamps that disagree by a time zone or a few minutes break correlation in the SIEM.

https://en.wikipedia.org/wiki/Syslog
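Added example, not taken from the page or the linked Wikipedia article: a small Python pass that does what the SIEM bullets above (aggregation, time synchronization, deduplication, correlation) describe, run over constructed RFC 5424 syslog authentication lines. Two made-up hosts are aggregated (web01 stamps in UTC, db01 in UTC-5), timestamps are normalized to UTC, one exact repeat from a double-forwarded line is dropped, and the sshd messages are correlated: three or more failed logins from one source IP followed by a successful login within two minutes raises an alert. Hostnames, IPs, log lines, the 3-failure threshold and the 2-minute window are all constructed for the example.

```python
"""Mini SIEM pass over syslog: aggregate, time-sync, dedup, correlate.

Added example; the log lines, hostnames and IPs below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<pid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) (?P<msg>.*)$"
)
# OpenSSH message shapes the correlation keys on
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample: web01 stamps in UTC, db01 stamps in UTC-5; line 3 is an
# exact duplicate of line 2 (the same event reached the collector twice).
SAMPLE_LOGS = [
    "<38>1 2024-03-01T12:00:01Z web01 sshd 1122 - - Failed password for root from 203.0.113.9 port 51022 ssh2",
    "<38>1 2024-03-01T12:00:04Z web01 sshd 1122 - - Failed password for root from 203.0.113.9 port 51023 ssh2",
    "<38>1 2024-03-01T12:00:04Z web01 sshd 1122 - - Failed password for root from 203.0.113.9 port 51023 ssh2",
    "<38>1 2024-03-01T07:00:07-05:00 db01 sshd 2210 - - Failed password for invalid user admin from 203.0.113.9 port 51030 ssh2",
    "<38>1 2024-03-01T12:00:11Z web01 sshd 1122 - - Accepted password for root from 203.0.113.9 port 51040 ssh2",
    "<38>1 2024-03-01T12:00:30Z web01 sshd 1130 - - Accepted publickey for deploy from 198.51.100.20 port 40010 ssh2",
    "<38>1 2024-03-01T07:01:00-05:00 db01 sshd 2215 - - Failed password for postgres from 198.51.100.77 port 33000 ssh2",
]


def parse_syslog(line):
    """Parse one RFC 5424 line into a dict, or return None if it does not match."""
    m = RFC5424.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    # fromisoformat keeps the source offset; older Pythons reject a bare "Z", so map it.
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {
        "ts": ts.astimezone(timezone.utc),  # time synchronization: one clock for every source
        "facility": pri >> 3,               # 4 == auth
        "severity": pri & 7,                # 6 == info
        "host": m["host"],
        "app": m["app"],
        "msg": m["msg"],
    }


def normalize(lines):
    """Aggregate + time-sync + dedup: parse every source, drop exact repeats, order by UTC."""
    seen = set()
    events = []
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            continue
        key = (ev["ts"], ev["host"], ev["app"], ev["msg"])
        if key in seen:
            continue
        seen.add(key)
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=2)):
    """Alert when one source IP racks up >= threshold failures (on any host)
    and then logs in successfully within `window` of those failures."""
    failures = defaultdict(list)  # source ip -> UTC timestamps of failed logins
    alerts = []
    for ev in events:
        f = FAILED.search(ev["msg"])
        if f:
            failures[f["ip"]].append(ev["ts"])
            continue
        a = ACCEPTED.search(ev["msg"])
        if a:
            recent = [t for t in failures[a["ip"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"ip": a["ip"], "user": a["user"], "host": ev["host"],
                               "ts": ev["ts"], "failures": len(recent)})
    return alerts


if __name__ == "__main__":
    evs = normalize(SAMPLE_LOGS)
    print(f"{len(SAMPLE_LOGS)} lines in, {len(evs)} unique events after dedup")
    for alert in correlate_bruteforce(evs):
        print("ALERT possible brute-force success:", alert)
```

Why the time-sync step matters here: db01's failure is stamped 07:00:07-05:00, which is 12:00:07Z. If the offset were ignored and the timestamp taken at face value, that failure would sit five hours outside the correlation window, only two failures would count, and the alert would never fire.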

journalctl

Here's a quick and easy how-to. journalctl reads systemd's binary journal, so you cannot just grep the files on disk; scope queries with options such as journalctl -u sshd --since "1 hour ago", and use -o json or -o export when feeding the journal into a collector or SIEM:

https://www.geeksforgeeks.org/journalctl-command-in-linux-with-examples/

NXLog

Ah, a free Community Edition. As it should be. NXLog is the usual agent for getting Windows Event Log entries (and other non-syslog sources) converted and forwarded to a syslog collector or SIEM:

https://nxlog.co/

Bandwidth monitors

Metadata

Email

Mobile

Web

File

NetFlow/sFlow

NetFlow (Cisco's flow export: one record per unidirectional flow carrying the 5-tuple, byte and packet counts, TCP flags and start/end times; v5 is a fixed-format record, v9 is template-based. Flow data is metadata, not payload, which is exactly why it is cheap to keep for months and ideal for answering "who talked to whom, when, and how much" during an investigation)

https://en.wikipedia.org/wiki/NetFlow

sFlow (sFlow.org standard; samples 1-in-N packets and exports their headers together with interface counters rather than accounting for every flow, so it scales to high-speed links but can miss short flows entirely)

https://en.wikipedia.org/wiki/SFlow

https://www.paessler.com/netflow_monitoring

IPFIX (IP Flow Information Export, RFC 7011; the IETF standard derived from NetFlow v9's template model and the vendor-neutral choice when mixing equipment)

https://en.wikipedia.org/wiki/IP_Flow_Information_Export

https://www.pcwdld.com/what-is-ipfix
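Added example, not from the page or its linked articles: decoding a NetFlow v5 export datagram in Python and running two investigative queries over the flows. The header and record layouts are the real fixed v5 format (24-byte header, 48-byte records); the datagram itself is constructed here from documentation-range addresses, with six one-packet SYN flows from 203.0.113.9 to different ports on 10.0.0.5 (scan-like) and one long-lived benign HTTPS flow from 10.0.0.20. The scan heuristic (five or more distinct destination ports on one host, flows of at most two packets) and the byte-volume roll-up are assumptions for illustration, not anything the linked tools do.

```python
"""Decode a NetFlow v5 datagram and ask two investigator questions of it.

Added example. The v5 layout is the real fixed format; the packet bytes,
addresses and detection thresholds below are constructed for illustration.
"""
import socket
import struct
from collections import defaultdict

# v5 header: version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
# engine_type, engine_id, sampling_interval (24 bytes, network byte order)
V5_HEADER = struct.Struct("!HHIIIIBBH")
# v5 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
# srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_v5_record(src, dst, sport, dport, proto, pkts, octets, tcp_flags, first_ms, last_ms):
    """Pack one flow record (used only to construct the sample datagram)."""
    return V5_RECORD.pack(
        socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
        1, 2,                       # input / output SNMP ifIndex
        pkts, octets, first_ms, last_ms,
        sport, dport, 0, tcp_flags, proto, 0,
        0, 0, 24, 24, 0,
    )


def build_v5_datagram(records, unix_secs=1709294400, seq=1000):
    header = V5_HEADER.pack(5, len(records), 90_000, unix_secs, 0, seq, 0, 0, 0)
    return header + b"".join(records)


# Constructed sample: six SYN-only probes to distinct ports, then one real HTTPS session.
SCAN_SRC, TARGET = "203.0.113.9", "10.0.0.5"
_records = [
    build_v5_record(SCAN_SRC, TARGET, 40000 + i, port, 6, 1, 60, 0x02, 10_000 + i, 10_000 + i)
    for i, port in enumerate([22, 80, 443, 3389, 8080, 8443])
] + [build_v5_record("10.0.0.20", TARGET, 51515, 443, 6, 1200, 1_500_000, 0x1B, 5_000, 85_000)]
SAMPLE_DATAGRAM = build_v5_datagram(_records)


def parse_netflow_v5(datagram):
    """Return (header dict, list of flow dicts); refuse non-v5 or truncated input."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime, secs, nsecs, seq, etype, eid, sampling = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError(f"truncated: header claims {count} records")
    header = {"version": version, "count": count, "unix_secs": secs,
              "flow_sequence": seq, "sampling_interval": sampling & 0x3FFF}
    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, _inp, _outp, pkts, octets, first, last, sport, dport,
         _pad1, flags, proto, _tos, _sas, _das, _smask, _dmask, _pad2) = V5_RECORD.unpack_from(datagram, off)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": PROTO.get(proto, str(proto)),
            "pkts": pkts, "octets": octets, "tcp_flags": flags, "duration_ms": last - first,
        })
    return header, flows


def find_scanners(flows, min_ports=5):
    """Heuristic: one source hitting many distinct ports on one host with tiny flows."""
    touched = defaultdict(set)
    for f in flows:
        if f["proto"] == "TCP" and f["pkts"] <= 2:
            touched[(f["src"], f["dst"])].add(f["dport"])
    return {f"{src}->{dst}": sorted(ports)
            for (src, dst), ports in touched.items() if len(ports) >= min_ports}


def bytes_by_src(flows):
    """Bandwidth-monitor style roll-up: total octets sent per source address."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["octets"]
    return dict(totals)


if __name__ == "__main__":
    hdr, flows = parse_netflow_v5(SAMPLE_DATAGRAM)
    print(f"NetFlow v{hdr['version']}: {hdr['count']} flows, seq {hdr['flow_sequence']}")
    print("scan candidates:", find_scanners(flows))
    print("octets by source:", bytes_by_src(flows))
```

The truncation check matters in practice: exporters sometimes fragment or drop datagrams, and a collector that trusts the count field blindly will read garbage or raise an IndexError mid-batch. The flow_sequence field in the header is also worth watching; gaps in it mean the collector lost exports and the investigation has blind spots.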

Protocol analyzer output (Wireshark, tcpdump, tshark: full packet captures including payload, as opposed to the metadata-only view flow records give; heavy to store, but the only source that lets you reconstruct exactly what was sent)

https://wiki.wireshark.org/SampleCaptures