Comprehensive and Detailed Step-by-Step Explanation:
Security Information and Event Management (SIEM) systems are designed to collect, analyze, and correlate data from multiple sources, making them the BEST choice for identifying and correlating intrusion attempt alerts.
A. Threat analytics software: While this can provide insights, it is not specialized for real-time correlation and alerting across various platforms.
B. Host intrusion detection system (HIDS): HIDS monitors individual hosts and detects intrusions, but it does not correlate alerts from multiple sources.
C. SIEM: This is the BEST answer because SIEM integrates logs from diverse systems, applies correlation rules, and provides actionable insights into intrusion attempts.
D. Network intrusion detection system (NIDS): While NIDS detects network-level anomalies, it does not correlate alerts from other systems.
[Reference: CISM Job Practice Area 3 (Information Security Program Development and Management) discusses tools and techniques for monitoring and detecting security events.]