A security analyst at a large corporation is evaluating the logs from various systems to prepare for a threat intelligence briefing. Which of the following sources is likely to provide the most directly relevant threat intelligence for the organization's unique environment?
External threat intelligence reports issued by government agencies
Networking equipment logs
Security information and event management (SIEM) system logs
Security information and event management (SIEM) systems collect and aggregate log data from multiple sources within an organization, making them an invaluable source for internal threat intelligence. The relevance is high because the data is specific to the organization’s own environment. Networking equipment logs are also internal, but they may not provide the aggregation and correlation that a SIEM system offers. External threat reports provide useful information about threats in the wild but may lack direct applicability to the organization's specific context. Staff surveys can reflect perceptions or experiences of security threats but do not provide the actionable technical details typically found in SIEM logs.