Which two functions are offered by a security WMS, but may not be offered by a SIEM? (Choose two.)
- workflow automation
- events correlation
- events normalization
- logs management
- playbook management
Explanation & Hint:
The two functions offered by a security WMS (Workflow Management System) that may not be offered by a SIEM (Security Information and Event Management) system are:
- Workflow automation: A security WMS is specifically designed to automate and manage security workflows and processes. It streamlines and automates various security tasks, such as incident response, threat hunting, and other security operations. This level of workflow automation is typically more specialized in a WMS than in a SIEM.
- Playbook management: A security WMS often provides the capability to define and manage security playbooks or standard operating procedures (SOPs) that guide the response to specific security incidents. Playbooks help standardize and automate incident response procedures, ensuring consistent and efficient responses to security events.

While SIEM systems excel at event correlation, normalization, and log management, their primary focus is on collecting, analyzing, and correlating security events and logs. Workflow automation and playbook management are more specialized functions typically associated with security workflow management systems.