SIEM – THE MEANING OF EXISTING DATA - Hacktrickconf
Transcript of SIEM – THE MEANING OF EXISTING DATA - Hacktrickconf
SIEM – THE MEANING OF EXISTING DATA
MEHMET KILIÇ – GÖKHAN ALKAN
CONTENTS
What SIEM Is and Is Not
SIEM Products
SIEM Capabilities
HP ArcSight
IBM QRadar
Effective Log Correlation
“SIEM is defined as a complex set of technologies brought together to provide a holistic view into a technical infrastructure. Depending on who you talk to, there are about five different popular opinions on what the letters stand for.”
Security Information and Event Management
SIEM PRODUCTS
SIEM CAPABILITIES
• Event/Log Collection
• Normalization
• Correlation
• Aggregation
• Reporting
• Alerting
• Log Management (Regulations)
SIEM FEATURES
OPERATION/PROCESS
SIEM
HP ARCSIGHT COMMAND CENTER
HP ARCSIGHT COMMAND CENTER
HP ARCSIGHT CONSOLE
ARCSIGHT LOG INTEGRATION
• ArcSight SmartConnector
• Which log source is to be ingested?
• Does ArcSight support it directly?
• ArcSight FlexConnector
IBM QRADAR
IBM QRADAR LOG ACTIVITY
IBM QRADAR OFFENSES
IBM QRADAR LOG INTEGRATION
• Log Sources
EFFECTIVE LOG CORRELATION
SIEM AND THREAT INTELLIGENCE
• Command and Control Detection
• Malicious Connections
• Email Pattern
THANK YOU
???