1
00:00:00,730 --> 00:00:07,920
With so many data types to analyze, it is important to have a way to interpret information in a universal

2
00:00:07,920 --> 00:00:09,630
format.

3
00:00:09,950 --> 00:00:17,730
SIEM systems meet this need with the ability to collect data in multiple forms. Just to give you an idea

4
00:00:17,730 --> 00:00:21,210
of what type of event correlation can be done on a SIEM,

5
00:00:21,210 --> 00:00:25,750
we're going to take a look at the SolarWinds SIEM server.

6
00:00:25,880 --> 00:00:32,510
So here is just the SolarWinds demo server that you can log into, and under the Monitor tab with the

7
00:00:32,510 --> 00:00:34,490
Security option,

8
00:00:34,490 --> 00:00:37,100
you can see a list of security events.

9
00:00:37,100 --> 00:00:38,680
So click on that.

10
00:00:38,990 --> 00:00:45,550
If you look through here in the Tool Alias column, you can see the different sources of these events.

11
00:00:45,590 --> 00:00:53,630
So we have Windows logon events, firewall denied connections, as well as viruses that have been detected

12
00:00:53,990 --> 00:00:57,710
from the Trend Micro OfficeScan tool.

13
00:00:57,710 --> 00:01:03,860
So as you can see, we have all these different tools feeding in information, and we can view everything

14
00:01:03,860 --> 00:01:07,420
from a central management point within the SIEM system.

15
00:01:10,220 --> 00:01:13,270
To help the security community speak a common language

16
00:01:13,400 --> 00:01:22,320
when referencing security data, VERIS was created. VERIS is a set of metrics designed to provide a common

17
00:01:22,320 --> 00:01:27,910
language for describing security incidents in a structured and repeatable manner.

18
00:01:30,430 --> 00:01:35,980
If you'd like to read into VERIS more, I have the link available in the resources for this lecture.