Network Monitoring, SIEM Concepts, Incident Detection
Cyber Log — October 18, 2025
Focus Areas: Network Monitoring, SIEM Concepts, Incident Detection
Objectives
Develop understanding of network-monitoring techniques and incident-detection workflows within enterprise environments.
Activities & Labs
- Studied SIEM architecture and log-collection methods.
- Reviewed correlation rules and alert-tuning processes.
- Compared switch-based port mirroring vs network taps for visibility.
Knowledge & Concept Highlights
- Network taps are passive inline hardware devices, whereas port mirroring is implemented in switch software.
- SIEM centralizes log correlation and enables detection of patterns across data sources.
- Log normalization into a common schema is important for accurate analytics across sources.
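As an added example, not part of the original log: a small Python sketch of the normalization and correlation steps noted above. It maps two constructed log formats (an sshd auth line and a firewall line, both invented here) onto one schema and then applies a single assumed correlation rule; the field names, regexes and threshold are assumptions, not any particular SIEM's.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs) from two sources with different formats.
RAW_EVENTS = [
    "Oct 18 10:00:01 host1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51000 ssh2",
    "Oct 18 10:00:04 host1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
    "2025-10-18T10:00:05Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "Oct 18 10:00:09 host1 sshd[2203]: Failed password for admin from 203.0.113.7 port 51004 ssh2",
    "Oct 18 10:00:12 host1 sshd[2205]: Accepted password for admin from 203.0.113.7 port 51006 ssh2",
    "Oct 18 10:30:00 host1 sshd[2301]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
]

# Assumed parsers for the two constructed formats.
SSHD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
FW = re.compile(r"^(\S+) (\S+) action=(\w+) src=(\S+) dst=(\S+)")

def normalize(line, year=2025):
    """Map one raw line onto a common schema: ts, host, src_ip, user, outcome, source."""
    m = SSHD.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
        outcome = "success" if m.group(3) == "Accepted" else "failure"
        return {"ts": ts, "host": m.group(2), "src_ip": m.group(5),
                "user": m.group(4), "outcome": outcome, "source": "sshd"}
    m = FW.match(line)
    if m:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        return {"ts": ts, "host": m.group(2), "src_ip": m.group(4),
                "user": None, "outcome": m.group(3), "source": "firewall"}
    return None  # unparsed line: drop it here; a real pipeline would count parse failures

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` failures from one src_ip inside `window`, then a success."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src_ip"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["outcome"] == "failure"]
        for s in (e for e in evs if e["outcome"] == "success"):
            recent = [f for f in failures if s["ts"] - window <= f["ts"] < s["ts"]]
            if len(recent) >= threshold:
                alerts.append({"src_ip": src, "user": s["user"],
                               "failures": len(recent), "success_at": s["ts"]})
    return alerts

def run(lines=RAW_EVENTS):
    """Normalize every line that parses, then apply the correlation rule."""
    events = [e for e in map(normalize, lines) if e]
    return events, correlate(events)
```

On the constructed input, the three failures plus one success from 203.0.113.7 raise one alert, while the lone failure from 198.51.100.9 stays as uncorrelated noise.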
Reflections & Takeaways
Understood how monitoring points affect visibility and detection quality.
Logging without context produces noise; correlation provides meaning.
End of Log — October 18, 2025