1
Q
What can be forwarded via email?
A
Only Alerts can be forwarded via email
2
Q
How can other information be forwarded?
A
Other information (as well as alerts) may be forwarded via Syslog
3
Q
Why might you configure forwarding conditions?
A
So Alerts get sent not only to the SEIM and SOC, but also to the Operations center managing the OT device
4
Q
What format are Syslog messages sent using? Can the message be edited? If so, how?
A
CEF, LEEF and JSON(Splunk) are the standard formats, but they can be edited by adding any available tag from the SilentDefense properties database.
FSDA
flashcards
Decks in class (15)
# Cards
-
Chapter_1_Introduction to SilentDefense9
-
Chapter_2_SilentDefense Initial Configuration and Concepts5
-
Chapter_3_Visual Analytics – Flow Information5
-
Chapter_4_Asset Inventory4
-
Chapter_5_ICS Patrol Sensor4
-
Chapter_6_Alerts & cases4
-
Chapter_7_Network Logs2
-
Chapter_8_Sensor Built-in Detection Modules3
-
Chapter_9_LAN Communication Profiler (LAN CP)4
-
Chapter_10_Industrial Threat Library(ITL) and SD Scripts2
-
Chapter_11_CVE's and IoC's7
-
Chapter_12_Forwarding4
-
Chapter_13_Housekeeping4
-
Chapter_14_SilentDefense in the Forescout Platform4
-
Appendix: ICS Overview23
