Visibility Pillar - Security Operations Fundamentals
Visibility Pillar
The Visibility pillar enables the SecOps team to use tools and
technology to capture network traffic, limit access to certain
URLs, determine which applications are being used by end
https://beacon.paloaltonetworks.com/uploads/resource_courses/targets/4756951/original/index.html?_courseId=1671031#/page/647669aef166fa169d45ab50 1/13
6/26/24, 2:33 PM Visibility Pillar - Security Operations Fundamentals
Click each tab to learn about the two elements that capture data.
Network traffic can be captured by firewalls, IDS/IPS, proxies, routers, switches, and
standalone traffic capture technologies. Logging your network traffic provides the Security
Operations organization with the visibility to view traffic for the purpose of doing detailed
analysis and advanced investigations. Analysts should have access to raw traffic logs when
specific traffic is associated with an alert or when a staff member makes a query.
Cloud Computing
Application Monitoring
By monitoring applications, the SecOps team can gain additional context about specific
applications that were used when an event was triggered. It goes beyond port identification
and recognizes the application used, which can lend credence to proving an IoC was enacted
or that the event triggered was a false positive.
Asset Management
Case Management
The CEO of Pumpice has asked Erik and the team to send a status report
to the entire organization regarding current security incidents and their
What tool or technology can Erik and the SecOps team use to provide
visibility into HTTPS traffic to find IOCs or high-fidelity indicators?
What tool or technology can Erik and the SecOps team use to detect and
prevent accidental or malicious release of proprietary or sensitive information?
Case management
Knowledge management
Asset management
Threat management