OSINT

GridAssociationMatrixFillable.pdf

STUDENT USE ONLY

Student:

(LastName)_____________________(FirstName)_______________

Class______________________Section______________Semester:___________________

Week:________________Project:___________________________________

Instructions:

For identifying SIEM/Security products:

Identify and rank 10 components (data sets or logs) that can be imported to a SIEM - rank them

upon, do this with 2 separate SIEM products (LogRythm, Splunk, QRadar, ArcSight, AlienVault,

NuSiem, Dell SecureWorks, Rapid 7) Rank according to Application Programming Interface

(API):

API rating "0" - Data integration is not possible with non-proprietary data sets

API rating "1" - manual retrieval of information

API rating "2" - We can produce API

API rating "3" - Community will produce API

API rating "4" - Organization will produce and deploy API

API rating "5" - Existing API produced and backed by Vendor

For Cost Associations (Highest cost to Lowest cost):

1 – ________________ to _________________ (example over $50,000)

2 – ________________ to _________________ (example $40,000 to $49,999)

3 – ________________ to _________________ (example $25,000 to $39,999)

4 – ________________ to _________________ (example $10,000 to $24,999)

5 – ________________ to _________________ (example under $9,999)

For Identifying Indicators of Compromise (IoC):

Rank according to:

1 – No association (validated or confirmed)

2 – Suspected not association

3 – Association unknown (status unknown)

4 – Suspected association

5 – Association confirmed (validated or confirmed)