An organization's security team detects multiple unauthorized changes in the configuration files of a crucial server. Which of the following tools would BEST help identify who made the changes and when?
Endpoint Detection and Response (EDR)
Packet capture tools
Domain Name Service (DNS) and Internet Protocol (IP) reputation tools
Log analysis tools are designed to capture detailed information about system events, including user activities such as file modifications. Security Information and Event Management (SIEM) systems can collect, correlate, and analyze logs from various sources to provide comprehensive insights into unauthorized changes. Other tools mentioned, such as packet capture tools and endpoint detection tools, are effective for network traffic examination and endpoint analysis but do not provide as detailed information on user activities related to file changes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Security Information and Event Management (SIEM) system?
Open an interactive chat with Bash
How do log analysis tools help in identifying unauthorized changes?
Open an interactive chat with Bash
Why are packet capture tools and Endpoint Detection and Response (EDR) not ideal for this situation?