CISSP - Security Operations - Section 7.2
Conduct logging and monitoring activities including IDS/IPS, SIEM, SOAR, threat intelligence, UEBA, and continuous monitoring.
Configure and operate SIEM, SOAR, IDS/IPS, and UEBA platforms in conjunction with threat intelligence feeds to support continuous monitoring of the security posture. Distinguish between detection capabilities so that alert triage correctly separates genuine threats from tuning noise.
SIEM, SOAR, IDS/IPS, threat intelligence, UEBA, continuous monitoring
Examworthy is not affiliated with or endorsed by (ISC)2. Original, blueprint-aligned practice material only.