SIEM Better Visibility for SOC Analyst

We are in a complex world where attacks increase day by day, so cyber intelligence today depends on SIEM (security information and event management) as a core part of infosec.

Most companies depend on logs and packets to get a better view, and more than 90% of them work with logs rather than packets. People, process, and technology form the triangle of security operations.

Figure: Security Triangle

This post explains what logs are and how a SIEM parses them to give an analyst better visibility when handling an incident.

Logs are an essential part of every device. They are meaningful records that show a security analyst in the SOC (Security Operation Center) relevant information about end-user activity, and they are also part of the review for audit and compliance.

Let's take the scenario where the Windows operating system is your event source and the analyst is at the other end. Every activity you perform from power-on to power-off is logged, and the logs are sent to the Security Operation Center. A user's unusual activities are recorded as an incident in the Security Operation Center.
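To show what the SIEM does with those events once they arrive, here is an added example that is not part of the original post: it normalizes a few constructed Windows Security events into common fields and applies a simple correlation rule that turns repeated failed logons from one source into an incident. The key=value line format is assumed for illustration; Event IDs 4624 (successful logon) and 4625 (failed logon) are standard Windows Security event IDs.

```python
import re
from collections import defaultdict

# Constructed sample: Windows Security events as a log forwarder might ship
# them to a SIEM (assumed text format, not any specific vendor's).
SAMPLE_EVENTS = """\
2024-05-01T08:01:12Z host=WS01 EventID=4624 LogonType=2 TargetUserName=alice IpAddress=10.0.0.5
2024-05-01T08:02:40Z host=WS01 EventID=4625 LogonType=3 TargetUserName=bob IpAddress=10.0.0.77
2024-05-01T08:02:41Z host=WS01 EventID=4625 LogonType=3 TargetUserName=bob IpAddress=10.0.0.77
2024-05-01T08:02:43Z host=WS01 EventID=4625 LogonType=3 TargetUserName=bob IpAddress=10.0.0.77
2024-05-01T08:05:00Z host=WS01 EventID=1074 Reason=shutdown TargetUserName=alice
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Normalize one raw line into the common schema a SIEM parser produces."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    return {
        "timestamp": timestamp,
        "host": fields.get("host"),
        "event_id": int(fields["EventID"]),
        "user": fields.get("TargetUserName"),
        "src_ip": fields.get("IpAddress"),  # None for events without a source IP
        "raw": line,
    }


def parse_events(text):
    return [parse_event(l) for l in text.splitlines() if l.strip()]


def failed_logon_incidents(events, threshold=3):
    """Correlation rule: `threshold` or more failed logons (EventID 4625)
    from the same source IP against the same account raises an incident."""
    counts = defaultdict(int)
    for ev in events:
        if ev["event_id"] == 4625:
            counts[(ev["src_ip"], ev["user"])] += 1
    return [
        {"src_ip": ip, "user": user, "failed_logons": n}
        for (ip, user), n in counts.items()
        if n >= threshold
    ]


if __name__ == "__main__":
    for incident in failed_logon_incidents(parse_events(SAMPLE_EVENTS)):
        print("INCIDENT:", incident)
```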

There are three types of logs, triggered according to the activities performed on your system: