Appendix B

Security devices:
Types of security-relevant devices and systems that can be used to protect an organization and/or feed into a central logging server or SIEM system.
Active directory
Antivirus
Anything that can send SNMP alerts and is security relevant
Anything that can send syslog and is security relevant
Application logs
Asset management system
Authentication logs
Change management system
Database application logs
Data loss prevention
DHCP server
DNS server
Email filtering
Email logs
Evidence collector
Firewall (host/network)
File transfer monitor
Forensic analysis systems
Honeypots
Key management system
Network- and host-based intrusion detection/prevention systems
Intelligence tools
Netflow
Network access controls ...

Get Designing and Building Security Operations Center now with the O’Reilly learning platform.