CompTIA Security+ SY0-601 – Question248

A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the
following BEST describes the information that should feed into a SIEM solution in order to adequately support
an investigation?

A. Logs from each device type and security layer to provide correlation of events
B. Only firewall logs since that is where attackers will most likely try to breach the network
C. Email and web-browsing logs because user behavior is often the cause of security breaches
D. NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device

Correct Answer: A