Implementation of monitoring for critical hosts and servers using a SIEM (Security Information and Event Management) tool
Abstract
Information security refers to the confidentiality, integrity and availability of the information and important data of an organization, this being the most important asset of any entity. SIEM (security information and event management) monitoring tools allow the network administrator to select, by means of logical rules, specific events of interest, so that the security analyst can perform various monitoring and diagnostic tasks from a single working interface. The Windows operating system, in its different versions, allows this monitoring to be carried out on the devices that run it; its events are classified as application, security, system and information events. However, not all events represent a risk for the entity. This document presents the analysis and validation stages carried out for the design and implementation of monitoring for critical hosts and servers running Windows and Windows Server operating systems.