Top 10 SIEM use cases to implement

With the growing demand for SIEM solutions, companies would like to have at their fingertips the answers to any number of security and business challenges that pop up during their day-to-day operations.

These are the top 10 SIEM use cases and behaviors that LogPoint can detect in your infrastructure. If you’d like more information about any of these use cases or have any use cases you find particularly relevant, please reach out. We’d love to hear from you!

Authentication activities

Abnormal or off-hours authentication attempts, detected, for example, using authentication data from Windows, Unix and any other authentication applications.

Shared accounts

Multiple sources (internal or external) making session requests for a user account during a given timeframe, using login data from sources like Windows, Unix and others.
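One way to express the shared-account check above as detection logic, written here as an added example (not LogPoint's own rule language): group logon events per user, slide a fixed window over them, and flag any user seen from several distinct source addresses inside one window. The records, field layout, window length and threshold are all constructed assumptions.

```python
"""Flag accounts used from several distinct sources within a short window.
Constructed sample data and field layout; not LogPoint output or rules."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified logon records: "<timestamp> <user> <source address>".
SAMPLE_LOGONS = [
    "2024-03-04T08:01:10 alice 10.0.0.5",
    "2024-03-04T08:03:42 alice 10.0.0.5",
    "2024-03-04T08:04:15 alice 203.0.113.7",
    "2024-03-04T08:09:58 alice 198.51.100.23",
    "2024-03-04T08:12:00 bob 10.0.0.9",
    "2024-03-04T09:30:00 bob 10.0.0.12",
    "2024-03-04T12:00:00 alice 10.0.0.5",
]


def parse_logon(line):
    """Split one constructed record into (timestamp, user, source)."""
    ts, user, src = line.split()
    return datetime.fromisoformat(ts), user, src


def find_shared_accounts(lines, window_minutes=10, min_sources=3):
    """Return {user: set(sources)} for every user that authenticated from at
    least `min_sources` distinct sources within any `window_minutes` window."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for line in lines:
        ts, user, src = parse_logon(line)
        by_user[user].append((ts, src))

    hits = {}
    for user, events in by_user.items():
        events.sort()  # sliding window needs chronological order
        start = 0
        for end in range(len(events)):
            # Move the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            sources = {src for _, src in events[start:end + 1]}
            if len(sources) >= min_sources:
                hits[user] = hits.get(user, set()) | sources
    return hits


if __name__ == "__main__":
    for user, sources in find_shared_accounts(SAMPLE_LOGONS).items():
        print(f"possible shared account: {user} from {sorted(sources)}")
```

Tuning the window and threshold to the environment matters: a short window with a low threshold will fire on users behind changing NAT addresses or VPN reconnects, so baseline normal source counts per user before alerting.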

Session activities

Session duration and inactive sessions using data related to session logins, specifically from the Windows server.

Connection details

Suspicious behavior such as connection attempts on closed ports, blocked internal connections and connections made to known-bad destinations, using data from firewalls, network devices or flow data. External sources can be used to discover the domain name, country and geographical origin of the threat.

Abnormal administrative behavior

Monitoring inactive accounts, accounts with unchanged passwords and abnormal account management activities, using data from Active Directory account management events.

Information theft

Data exfiltration attempts and information leakage through emails using data from sources such as mail servers or file sharing applications.

Vulnerability scanning and correlation

Identification of security vulnerabilities reported by scanning applications and their correlation with other suspicious events.

Statistical analysis

Monitoring relations such as the ratio of inbound to outbound bandwidth usage, data usage per application or response-time comparisons.

Intrusion detection and infections

Detection of intrusions and infections using data from IDS/IPS, antivirus, anti-malware applications and other sources.

System change activities

Tracking of system changes using data on configuration changes, audit configuration changes, policy changes, policy violations, etc.