
Cybersecurity FOREVER

Day-359: What are correlation rules?

04 Jul 2025

Description

Today I will discuss:
1. What are correlation rules?
2. How do SIEM correlation rules work?
3. What is data normalization in SIEM?

Gateway ⛩ to become a Skilled-Cybersecurity Professional 🕴🕴🕴 https://luminisindia.com/goehm

A SIEM correlation rule tells your SIEM system which sequences of events could indicate anomalies that may suggest security weaknesses or a cyber attack. When “x” and “y”, or “x” and “y” plus “z”, happen, your administrators should be notified.

Here are some examples of SIEM correlation rules which illustrate this concept.

1.) Detect new DHCP servers in your network by watching for inside or outside connections which use UDP packets (“x”), have port 67 as the destination (“y”), and whose destination IP address isn’t on the registered IP list (“z”).
2.) Warn administrators if five failed login attempts are tried with different usernames from the same IP to the same machine within fifteen minutes (“x”), and that event is followed by a successful login occurring from that same IP address to any machine inside the network (“y”).

The first example could indicate a cyber attacker establishing a DHCP server to acquire malicious access to your network. Any authorized DHCP server would use one of your registered IP addresses!

The second example could indicate a cyber attacker brute-forcing an authentication vector and then successfully acquiring authentication to your network. It could be a possible privilege escalation attack.

Both SIEM correlation rules could be triggered by honest mistakes, simple user errors or technical glitches. But they’re also key indicators of cyber attack, and security administrators should check them out right away!

Thanks,
Meena R.
Your 'Cyber Warrior' Friend
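The second rule above, written out as detection logic over log lines. This is an added example, not code from the episode: the key=value log format, the field names, the sample events, the 15-minute follow-up window for “y”, and the reading of “different usernames” as five distinct usernames are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)     # "within fifteen minutes"
THRESHOLD = 5                      # five failed attempts, each with a different username
FOLLOW_UP = timedelta(minutes=15)  # assumption: how long "x" stays armed waiting for "y"

# Constructed sample log lines (documentation addresses, invented host names).
SAMPLE = [f"2025-07-04T10:0{i}:00 src=203.0.113.7 dst=srv1 user={u} result=FAIL"
          for i, u in enumerate(["admin", "root", "alice", "bob", "carol"])]
SAMPLE += [
    "2025-07-04T10:06:00 src=203.0.113.7 dst=srv2 user=bob result=OK",
    "2025-07-04T10:07:00 src=198.51.100.9 dst=srv1 user=dave result=FAIL",
    "2025-07-04T10:08:00 src=198.51.100.9 dst=srv1 user=dave result=OK",
]

def normalize(line):
    """Turn one key=value log line into a common event dict."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["time"] = datetime.fromisoformat(ts)
    return event

def correlate(lines):
    """Return (src, dst, time) for each successful login that follows condition "x"."""
    failures = defaultdict(deque)  # (src, dst) -> recent (time, user) failures
    armed = {}                     # src -> time "x" was last satisfied
    alerts = []
    for ev in sorted(map(normalize, lines), key=lambda e: e["time"]):
        src, now = ev["src"], ev["time"]
        if ev["result"] == "FAIL":
            recent = failures[(src, ev["dst"])]
            recent.append((now, ev["user"]))
            while now - recent[0][0] > WINDOW:   # drop failures older than the window
                recent.popleft()
            if len({user for _, user in recent}) >= THRESHOLD:
                armed[src] = now                 # "x": same IP, same machine
        elif ev["result"] == "OK" and src in armed:
            # "y": success from that IP to any machine, soon enough after "x"
            if now - armed.pop(src) <= FOLLOW_UP:
                alerts.append((src, ev["dst"], now.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print("ALERT brute force then successful login:", alert)
```

The lone failure followed by a success from 198.51.100.9 in the sample is the honest-mistake case and raises no alert.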
