“... An attacker, after gaining control over a compromised machine/account, tends to stop all such agent services ... To counter such malformed actions, SIEM should be configured to raise an alert if a host stops forwarding logs...”
http://resources.infosecinstitute.com/top-6-seim-use-cases/
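
One way to implement the "host stopped forwarding logs" alert, as an added example that is not from the quoted article or this post. The log line format, host names, thresholds and the `expected` inventory parameter are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample input: "ISO-timestamp host message"
SAMPLE = """\
2024-05-01T08:00:00 backup01 nightly job heartbeat
2024-05-01T09:00:00 backup01 nightly job heartbeat
2024-05-01T10:00:00 backup01 nightly job heartbeat
2024-05-01T10:03:00 web01 sshd accepted publickey
2024-05-01T10:04:00 web01 sudo session opened
2024-05-01T10:05:00 web01 systemd stopping log-forwarder
2024-05-01T10:30:00 db01 query audit
2024-05-01T10:35:00 db01 query audit
2024-05-01T10:38:00 db01 query audit
""".splitlines()
NOW = datetime.fromisoformat("2024-05-01T10:40:00")


def silent_hosts(lines, now, expected=(), min_silence=timedelta(minutes=15), factor=5):
    """Return {host: silence} for hosts that stopped forwarding logs.

    A host is flagged when its current silence exceeds
    max(min_silence, factor * its own median gap between events), so a
    host that is normally quiet is not flagged for being normally quiet.
    Hosts in `expected` (e.g. from an asset inventory) that never appear
    in the logs are reported with silence None.
    """
    seen = {}
    for line in lines:
        ts, host, _ = line.split(" ", 2)
        seen.setdefault(host, []).append(datetime.fromisoformat(ts))

    alerts = {host: None for host in expected if host not in seen}
    for host, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # A host with a single event has no baseline; use min_silence alone.
        baseline = median(gaps) if gaps else timedelta(0)
        silence = now - stamps[-1]
        if silence > max(min_silence, factor * baseline):
            alerts[host] = silence
    return alerts


if __name__ == "__main__":
    for host, silence in silent_hosts(SAMPLE, NOW, expected=["dc01"]).items():
        print(f"ALERT {host}: no logs for {silence or 'entire window'}")
```
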