SIEM for ITIL Incident Response - Part 2 - AlienVault
Flow Diagram

[Figure: flow diagram. Labels recovered from the image: Security Control (three boxes); Critical System (three boxes); SIEM; Log Aggregation; Log Correlation; "SIEM may have some Incident Management Tracking"; "SIEM may have some Asset Management Capability/Integration"; Asset Management; SIEM Incident Records; Correlation Rule Tuning; Populate Incident Record; List of Correlated Alerts Prioritized By Asset; Incident Response Analysts; Root Cause Investigation; Record Resolution in Incident Record; Escalate To Remediate Incident/Issue; Risk Management; Org Management; Change Management; Config Management; (Where these are available).]