Case Study: Log and SIEM Tools
1. What options are there for ingesting data from a unified threat management (UTM) appliance deployed on the network edge to an SIEM?
2. Which two factors do you need to account for when correlating an event timeline using an SIEM?
3. True or false? Syslog uses a standard format for all message content.
4. Which default port do you need to allow on any internal firewalls to allow a host to send messages by syslog to an SIEM management server?