Time synchronization is important, but it is asking about the most important. We need to ensure data sources do not contain information infringing upon privacy regulations. We need to either mask, anonymize or remove privacy data before sending to the SIEM. This should be the most important task.
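As an added example (not from the original comment or from ExamTopics), the following Python filter shows one way to do the masking the comment describes on the forwarder, before anything reaches the SIEM: e-mail addresses are replaced by keyed pseudonyms, so analysts can still correlate all events for one account without seeing the identity, and card numbers are masked down to their last four digits. The sample log lines, the key and the regular expressions are constructed for this example.

```python
import hashlib
import hmac
import re

# Constructed sample log lines (not from the page); they carry e-mail
# addresses and a card number that must not reach the SIEM in clear text.
SAMPLE_LOGS = [
    "2024-03-01T10:00:00Z login ok user=alice@example.com src=10.0.0.5",
    "2024-03-01T10:00:07Z payment card=4111111111111111 user=alice@example.com",
    "2024-03-01T10:01:02Z login failed user=bob@example.com src=10.0.0.9",
]

# Pseudonymization key: assumed to live in a secrets store on the forwarder
# and never on the SIEM, so tokens cannot be reversed by SIEM users.
PSEUDONYM_KEY = b"example-key-rotate-me"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13 to 19 digits, optionally separated by spaces or dashes, ending on a digit.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, deterministic token: same input -> same token; not reversible without the key."""
    digest = hmac.new(key, value.lower().encode(), hashlib.sha256).hexdigest()
    return f"user-{digest[:12]}"


def mask_card(match: re.Match) -> str:
    """Keep only the last four digits of a card number."""
    digits = re.sub(r"\D", "", match.group(0))
    return "*" * (len(digits) - 4) + digits[-4:]


def sanitize_line(line: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Mask card numbers first, then replace e-mail addresses with pseudonyms."""
    line = CARD_RE.sub(mask_card, line)
    line = EMAIL_RE.sub(lambda m: pseudonymize(m.group(0), key), line)
    return line


def sanitize_all(lines, key: bytes = PSEUDONYM_KEY):
    return [sanitize_line(line, key) for line in lines]


def contains_pii(line: str) -> bool:
    """Final check before forwarding: nothing matching the PII patterns may remain."""
    return bool(EMAIL_RE.search(line) or CARD_RE.search(line))


if __name__ == "__main__":
    for cleaned in sanitize_all(SAMPLE_LOGS):
        print(cleaned, "| pii left:", contains_pii(cleaned))
```

The HMAC step is what keeps the data useful: a plain hash of an e-mail address can be reversed by hashing a list of candidate addresses, whereas the keyed token cannot be recomputed by anyone who only has SIEM access.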
Time synchronisation is obviously the most important thing.
But how can the SIEM administrator influence the time of each reporting system?
Even if the SIEM admin tries to insert some correction in the received timestamps, the source systems time could deviate more and more over time. IMHO there is no way for the receiver to ensure a synchronous time.
CISSP OFFICIAL GUIDE 9TH EDITION, pg. 829: "Logging systems should also make use of the Network Time Protocol (NTP) to ensure that clocks are synchronized on systems sending log entries to the SIEM as well as the SIEM itself. This ensures that information from multiple sources has a consistent timeline.
Information security managers should also periodically conduct log reviews, particularly for sensitive functions, to ensure that privileged users are not abusing their privileges. For example, if an information security team has access to eDiscovery tools that allow searching through the contents of individual user files, security managers should routinely review the logs of actions taken by those administrative users to ensure that their file access relates to legitimate eDiscovery initiatives and does not violate user privacy."
Compliance with privacy regulations is a must for the SIEM administrator, to ensure that the data sources do not contain information infringing upon privacy regulations.
It is important that all sources are synchronized with a common time reference because it ensures that the events being logged and analyzed are correctly correlated and accurately reflect the order in which they occurred. This is important for properly identifying and investigating security incidents, as well as for creating reports and performing analytics on the data. If the sources are not synchronized, the data may be misleading or confusing, which can hinder the effectiveness of the SIEM system.
Time is one of the most important things when it comes to the analysis of log information collected from security devices.
https://resources.infosecinstitute.com/certification/security-technologies-and-tools-siem/
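Added example (not from the original comments or the linked article): a small Python model of what an NTP-synced collector can and cannot do about a source whose clock drifts, which is the problem raised earlier in this thread. The collector cannot correct the source's clock; what it can do is measure each source's offset against its own synchronized receive time, use that offset to put events from different sources into a consistent order, and flag any source whose drift exceeds a tolerance so that NTP gets fixed on that host. The events, the 90-second skew on the firewall and the 5-second tolerance are all constructed for the example.

```python
import statistics
from datetime import datetime, timedelta, timezone

# Constructed events (not from the page). Each record carries the timestamp the
# source wrote and the time the NTP-synced collector received it. The firewall
# ("fw") clock is 90 s slow; the VPN concentrator ("vpn") is in sync.
RAW_EVENTS = [
    {"src": "vpn", "reported": "2024-03-01T10:00:00Z", "received": "2024-03-01T10:00:01Z", "msg": "vpn up"},
    {"src": "fw",  "reported": "2024-03-01T09:58:35Z", "received": "2024-03-01T10:00:05Z", "msg": "fw allow"},
    {"src": "vpn", "reported": "2024-03-01T10:00:30Z", "received": "2024-03-01T10:00:31Z", "msg": "vpn down"},
    {"src": "fw",  "reported": "2024-03-01T09:59:10Z", "received": "2024-03-01T10:00:40Z", "msg": "fw deny"},
]


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def estimate_offsets(events):
    """Per-source median of (collector receive time - source-reported time), in seconds.

    Transport delay is included, so an in-sync source shows a small positive offset
    rather than exactly zero; the median keeps one delayed batch from skewing it.
    """
    samples = {}
    for e in events:
        delta = (parse_ts(e["received"]) - parse_ts(e["reported"])).total_seconds()
        samples.setdefault(e["src"], []).append(delta)
    return {src: statistics.median(v) for src, v in samples.items()}


def naive_order(events):
    """Order by the timestamp each source wrote, trusting every source's clock."""
    return [e["msg"] for e in sorted(events, key=lambda e: parse_ts(e["reported"]))]


def corrected_order(events, offsets):
    """Order by reported time shifted by the measured per-source offset."""
    def corrected(e):
        return parse_ts(e["reported"]) + timedelta(seconds=offsets.get(e["src"], 0.0))
    return [e["msg"] for e in sorted(events, key=corrected)]


def skewed_sources(offsets, tolerance_s: float = 5.0):
    """Sources whose clock is off by more than the tolerance: fix NTP there, not on the SIEM."""
    return {src: off for src, off in offsets.items() if abs(off) > tolerance_s}


if __name__ == "__main__":
    offsets = estimate_offsets(RAW_EVENTS)
    print("offsets:", offsets)
    print("naive order:", naive_order(RAW_EVENTS))
    print("corrected order:", corrected_order(RAW_EVENTS, offsets))
    print("sources needing NTP attention:", skewed_sources(offsets))
```

With the firewall 90 seconds behind, the naive order shows the firewall allowing and denying traffic before the VPN session ever came up, which is exactly the misleading timeline the comment above warns about; after correction the allow falls inside the session and the deny after it. The correction is a stop-gap for analysis only: the offset also absorbs network delay and changes as the source drifts further, so the durable fix is NTP on the reporting system, and the `skewed_sources` check is how the collector tells you which systems need it.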