Which of the following should the security engineer do to ensure the logs are being properly retained?

An audit finding reveals that a legacy platform has not retained loos for more than 30 days The platform has been segmented due to its interoperability with newer technology. As a temporary solution, the IT department changed the log retention to 120 days .

Which of the following should the security engineer do to ensure the logs are being properly retained?
A . Configure a scheduled task nightly to save the logs
B . Configure event-based triggers to export the logs at a threshold.
C . Configure the SIEM to aggregate the logs
D .   Configure a Python script to move the logs into a SQL database.

View Answer

Answer: C

Explanation:

To ensure that logs from a legacy platform are properly retained beyond the default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions are designed to collect, aggregate, and store logs from various sources, providing centralized log management and retention. This setup ensures that logs are retained according to policy and can be easily accessed for analysis and compliance purposes.

References:

CompTIA SecurityX Study Guide: Discusses the role of SIEM in log management and retention.

NIST Special Publication 800-92, "Guide to Computer Security Log Management": Recommends the use of centralized log management solutions, such as SIEM, for effective log retention and analysis.

"Security Information and Event Management (SIEM) Implementation" by David Miller: Covers best practices for configuring SIEM systems to aggregate and retain logs from various sources.