{"id":7464,"date":"2026-06-05T11:38:21","date_gmt":"2026-06-05T09:38:21","guid":{"rendered":"https:\/\/logmanager.com\/?post_type=learning_hub&#038;p=7464"},"modified":"2026-06-09T16:43:00","modified_gmt":"2026-06-09T14:43:00","slug":"siem-systemy-prakticke-scenare-vyuziti","status":"publish","type":"learning_hub","link":"https:\/\/logmanager.com\/cs\/learn\/siem-systemy-prakticke-scenare-vyuziti\/","title":{"rendered":"8 Practical Ways to Use SIEM Systems"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">SIEM (Security Information and Event Management) systems are one of the key pillars of IT security in medium-sized and larger organizations. By collecting and correlating logs across the entire IT environment, they help detect security threats, investigate incidents, monitor critical systems, and maintain overall visibility into what is happening in the infrastructure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Every organization uses SIEM a little differently. 
While some focus primarily on detecting compromised accounts or ransomware attacks, others emphasize compliance support, monitoring of cloud environments, or proactive threat hunting.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In this article, we look at the eight most common ways SIEM systems are used and explain what they involve and why they matter.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n                <\/defs>\n            <\/svg>\n        <\/div>\n    \n    <div 
class=\"infobox-content leading-normal\"><p><strong>TL;DR<\/strong><\/p>\n<p>SIEM systems today form the foundation of digital security for medium-sized and large organizations. They provide centralized visibility across the IT environment and make it possible to connect individual events into a coherent picture that gives analysts the context they need to make fast, correct decisions.<\/p>\n<p>SIEMs deliver the most value in activities such as:<\/p>\n<ul>\n<li>detecting compromised accounts,<\/li>\n<li>uncovering ransomware,<\/li>\n<li>monitoring privileged users,<\/li>\n<li>identifying data exfiltration,<\/li>\n<li>protecting cloud environments,<\/li>\n<li>threat hunting.<\/li>\n<\/ul>\n<p>To use a SIEM effectively in these ways, it is important to pay ongoing attention to log quality, log parsing, correlation rules, and continuous alert tuning.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What is a SIEM system used for?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In many organizations, relevant security events are scattered across dozens of systems. Authentication logs, endpoint alerts, firewall events, cloud activity, application data\u2026 on their own, these events can appear harmless or seemingly unrelated.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is where the main benefit of SIEM systems lies. 
They automatically collect logs and events from various sources and enable fast searching, correlation, and identification of unwanted behavior patterns that would be very difficult, if not impossible, to uncover manually.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The most common uses of a SIEM include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>correlating events across different systems,<\/li>\n\n\n\n<li>detecting unusual or risky activity,<\/li>\n\n\n\n<li>uncovering insider threat scenarios,<\/li>\n\n\n\n<li>shortening the time needed for investigation and response,<\/li>\n\n\n\n<li>centralizing security visibility,<\/li>\n\n\n\n<li>supporting compliance and audit requirements.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The success of these scenarios, however, depends to a large extent on the quality of the input data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If logs are incomplete, inconsistent, or scattered across unrelated systems, investigations slow down. For \u201coptimal\u201d use of a SIEM in practice, capabilities such as log normalization, centralized data collection, fast search, and properly configured alerts are therefore important.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Simply put, a SIEM is only as good as the data that flows into it. 
Missing logs, inconsistent parsing, an excessive number of alerts, or poorly configured detection rules can significantly reduce the effectiveness of the entire solution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let us now look at the first of the most common SIEM use cases.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Detecting suspicious authentication activity<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"942\" height=\"628\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-suspicious-activity.png\" alt=\"siem use case  suspicious activity detection illustration img\" class=\"wp-image-7404\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-suspicious-activity.png 942w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-suspicious-activity-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-suspicious-activity-768x512.png 768w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Hybrid work, the massive spread of SaaS applications, and remote access have made it considerably harder to distinguish between legitimate and suspicious user behavior. 
Today, employees routinely access systems from different devices, locations, and networks within a single working day.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">VPNs, Microsoft 365, cloud platforms, web applications, and internal systems generate a huge number of authentication events every day. In practice, the vast majority of them are legitimate. The real challenge is to identify those that may indicate compromised credentials, unauthorized access, or account misuse.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Authentication activity records are today among the most important sources of security data in a modern IT environment. Identity-based attacks remain one of the most common ways attackers gain access to systems. 
For example, according to the Verizon DBIR, stolen credentials were involved in <a href=\"https:\/\/www.verizon.com\/business\/resources\/articles\/s\/frequently-asked-questions-on-credential-theft-prevention-and-protection\/\" target=\"_blank\" rel=\"noopener\">31% of all recorded data breaches<\/a> in 2025.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What does suspicious authentication activity look like?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A SIEM helps security teams monitor activity such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>repeated failed login attempts,<\/li>\n\n\n\n<li>logins from unusual geographic locations,<\/li>\n\n\n\n<li>Impossible Travel scenarios between sessions,<\/li>\n\n\n\n<li>multi-factor authentication (MFA) failures or repeated MFA prompts,<\/li>\n\n\n\n<li>sudden spikes in the number of authentication attempts,<\/li>\n\n\n\n<li>simultaneous logins from different locations,<\/li>\n\n\n\n<li>administrator logins outside normal working hours.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">A failed login on its own does not necessarily indicate a problem. 
The risk grows when multiple high-risk events related to the same account or IP address appear within a short period of time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A typical example is a series of failed VPN logins followed by a successful login to Microsoft 365 and subsequent unusual mailbox activity. Such a sequence may signal an account compromise rather than an ordinary user error.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n         
       <\/defs>\n            <\/svg>\n        <\/div>\n    \n    <div class=\"infobox-content leading-normal\"><p><b>A real-world example of the impact of a compromised account<\/b><\/p>\n<p>In 2023, the hotel chain MGM Resorts was forced to shut down parts of its IT infrastructure as a result of a large-scale <a href=\"https:\/\/www.tracesecurity.com\/blog\/articles\/lessons-learned-mgm-cyberattack\/\" target=\"_blank\" rel=\"noopener\">cyberattack<\/a>.<\/p>\n<p>According to available information, the attackers gained initial access using social engineering techniques, which allowed them to compromise the identity management system and then move across the environment. Once the attackers had legitimate access, they were able to spread through interconnected systems and disrupt key business operations.<\/p>\n<p>The attack showed how quickly identity-based cyber threats can escalate once attackers gain access to legitimate accounts.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">2. 
Investigating incidents across multiple systems<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"939\" height=\"627\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-incident-investigation.png\" alt=\"SIEM use case incident investigation illustration img\" class=\"wp-image-7407\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-incident-investigation.png 939w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-incident-investigation-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-incident-investigation-768x513.png 768w\" sizes=\"auto, (max-width: 939px) 100vw, 939px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Security incidents rarely involve a single system or show up as a single alert.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition to the authentication logs already mentioned, an investigation therefore usually includes analysis of endpoint activity and alerts, logs from firewalls and cloud services, file access records, and administrative changes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If this information is stored in different tools and platforms, which is common in practice, reconstructing the course of an incident becomes considerably more complicated.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This data consolidation is one of the main advantages of a SIEM. 
It makes it possible to analyze an incident as a continuous sequence of events in one platform instead of examining isolated records in individual systems.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Building the incident timeline<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">During an investigation, analysts usually need to determine:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>how initial access was gained,<\/li>\n\n\n\n<li>which systems were affected,<\/li>\n\n\n\n<li>whether the attacker moved laterally within the environment,<\/li>\n\n\n\n<li>everything that happened after the compromise.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For example, an analyst can trace how a compromised account first established a VPN connection, then logged in to Microsoft 365, triggered suspicious activity on an endpoint, and then attempted to access shared network storage.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Viewing these activities as a timeline makes it much easier to understand the scope of the incident and how it developed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In general, one of the biggest problems in incident response is not a lack of data but its fragmentation. 
Analysts often spend a considerable amount of time switching between tools, comparing timestamps, and verifying relationships between individual events.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The centralized visibility a SIEM provides greatly simplifies this work and helps speed up investigations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How a SIEM system supports incident investigation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Speed and visibility are crucial when investigating security incidents. Security teams need to search huge volumes of data quickly, pivot between related systems and accounts, and identify suspicious activity without having to manually compare logs from dozens of different tools.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The most important SIEM capabilities for investigation purposes include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>centralized log retention,<\/li>\n\n\n\n<li>fast search and filtering,<\/li>\n\n\n\n<li>event correlation configuration,<\/li>\n\n\n\n<li>timeline analysis,<\/li>\n\n\n\n<li>dashboards and visualizations.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Fast investigation is important, for example, in ransomware attacks and credential abuse, where attackers, once they have gained access, 
can move through systems very quickly.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n                <\/defs>\n            <\/svg>\n        <\/div>\n    \n    <div class=\"infobox-content leading-normal\"><p><b>A real-world example: investigating a compromise via phishing<\/b><\/p>\n<p>An employee entered their credentials on a phishing page disguised as the Microsoft 365 login portal. 
Shortly afterwards, the following occurred:<\/p>\n<ul>\n<li>a successful login to Microsoft 365 from an unusual location,<\/li>\n<li>activity by the same account over the corporate VPN,<\/li>\n<li>a suspicious PowerShell execution on an internal device,<\/li>\n<li>attempts to access internal shared files.<\/li>\n<\/ul>\n<p>By correlating authentication, endpoint, and network events, analysts reconstructed the entire course of the attack, identified the compromised systems, and quickly initiated remediation.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">3. Detecting malware and ransomware<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"943\" height=\"627\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-malware-detection.png\" alt=\"SIEM use case malware detection img\" class=\"wp-image-7409\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-malware-detection.png 943w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-malware-detection-300x199.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-malware-detection-768x511.png 768w\" sizes=\"auto, (max-width: 943px) 100vw, 943px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Ransomware attacks generally do not begin with immediate data encryption. 
Attackers often first gain access to the environment, escalate privileges, disable security mechanisms, and map the infrastructure before proceeding to the attack itself.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This phase creates an opportunity to detect suspicious activity before any significant disruption of operations occurs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Typical indicators of compromise include, for example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>unusual PowerShell execution,<\/li>\n\n\n\n<li>unexpected outbound network communication,<\/li>\n\n\n\n<li>mass file changes or file encryption,<\/li>\n\n\n\n<li>disabling of security tools,<\/li>\n\n\n\n<li>unusual privilege escalation,<\/li>\n\n\n\n<li>suspicious authentication events or system access.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">A typical example is a situation where a compromised account starts accessing servers or systems it does not normally work with. 
This is followed by administrative changes, attempts to disable security tools, and other activities that may indicate preparation for a ransomware attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By correlating events from endpoints, network devices, and identity systems, a SIEM can help detect such behavior at an early stage of the incident.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How a SIEM helps detect ransomware<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The key is to identify a combination of multiple warning signals before lateral movement or further spread of the attack in the environment occurs. To do this, modern SIEM platforms use event correlation, behavioral analysis, information from threat intelligence sources, and mechanisms for prioritizing and sorting alerts (so-called <a href=\"https:\/\/logmanager.com\/cs\/learn\/co-je-triage\/\" data-type=\"link\" data-id=\"https:\/\/logmanager.com\/cs\/learn\/co-je-triage\/\">alert triage<\/a>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security teams can thus recognize an emerging attack faster, reduce the number of false positive alerts, and focus attention on genuinely risky events.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A SIEM also helps answer key questions during incident investigation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Which systems were affected?<\/li>\n\n\n\n<li>Did the attacker attempt 
lateral movement?<\/li>\n\n\n\n<li>When did the first signs of compromise appear?<\/li>\n\n\n\n<li>Were backups or administrative systems accessed?<\/li>\n\n\n\n<li>Which accounts were abused?<\/li>\n\n\n\n<li>What was the scope and timeline of the attack?<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The last two questions are, incidentally, very important, because the scope of the compromise and the abused identities are among the areas analysts most often investigate after a ransomware incident.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. Monitoring privileged users<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"946\" height=\"628\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-priviledged-user-activity-monitoring.png\" alt=\"SIEM use case privileged user activity monitoring img\" class=\"wp-image-7411\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-priviledged-user-activity-monitoring.png 946w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-priviledged-user-activity-monitoring-300x199.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-priviledged-user-activity-monitoring-768x510.png 768w\" sizes=\"auto, (max-width: 946px) 100vw, 946px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Privileged accounts hold extensive permissions to systems, infrastructure, and sensitive data. 
These usually include permissions to change security settings, manage users, administer critical systems, or modify infrastructure configuration. Any activity performed by these accounts can therefore have a significantly greater impact than ordinary user activity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Monitoring privileged accounts is thus one of the most important uses of a SIEM, especially in larger organizations or in heavily regulated industries.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What suspicious privileged account activity can look like<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Security teams often watch for, for example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>changes to administrator groups and roles,<\/li>\n\n\n\n<li>modification or disabling of MFA policies,<\/li>\n\n\n\n<li>creation of new privileged accounts,<\/li>\n\n\n\n<li>changes to the permissions of service and system accounts,<\/li>\n\n\n\n<li>changes to identity and access policies,<\/li>\n\n\n\n<li>unexpected access to critical systems,<\/li>\n\n\n\n<li>an unusually high number of administrative operations,<\/li>\n\n\n\n<li>use of privileged accounts outside normal working hours or from unusual locations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Why privileged accounts are an attractive target<\/h3>\n\n\n\n<p 
class=\"wp-block-paragraph\">Privilegovan\u00e9 \u00fa\u010dty p\u0159edstavuj\u00ed pro \u00fato\u010dn\u00edky velmi cenn\u00fd c\u00edl, proto\u017ee umo\u017e\u0148uj\u00ed z\u00edskat rozs\u00e1hlou kontrolu nad prost\u0159ed\u00edm. Neopr\u00e1vn\u011bn\u00e9 zm\u011bny opr\u00e1vn\u011bn\u00ed, identitn\u00edch politik nebo administr\u00e1torsk\u00fdch skupin mohou b\u011bhem n\u011bkolika minut ovlivnit velkou \u010d\u00e1st infrastruktury.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u00dato\u010dn\u00edci se nav\u00edc jejich prost\u0159ednictv\u00edm \u010dasto sna\u017e\u00ed vytv\u00e1\u0159et nov\u00e9 privilegovan\u00e9 \u00fa\u010dty, oslabovat autentiza\u010dn\u00ed mechanismy nebo z\u00edskat dlouhodob\u00fd p\u0159\u00edstup do prost\u0159ed\u00ed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Monitoring privilegovan\u00fdch \u00fa\u010dt\u016f je proto kl\u00ed\u010dovou sou\u010d\u00e1st\u00ed bezpe\u010dnostn\u00edho dohledu zejm\u00e9na ve finan\u010dn\u00edm sektoru, zdravotnictv\u00ed nebo st\u00e1tn\u00ed spr\u00e1v\u011b.o create additional privileged accounts or weaken authentication controls to maintain access. Highly regulated industries often place particular emphasis on monitoring privileged account activity.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5. 
Detecting data exfiltration and network traffic anomalies<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"942\" height=\"627\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-data-exfiltration-monitoring.png\" alt=\"SIEM use case Identifying Data Exfiltration img\" class=\"wp-image-7413\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-data-exfiltration-monitoring.png 942w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-data-exfiltration-monitoring-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-data-exfiltration-monitoring-768x511.png 768w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Not every attack leads to data encryption or an immediate disruption of operations. In many cases, the attackers' goal is to quietly obtain sensitive data and take it out of the organization without attracting attention.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This typically involves customer data, financial information, documents related to intellectual property, internal documentation, or login credentials.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Because normal operations generate an enormous amount of network communication, identifying the transfers that matter can be very difficult without broader context. 
This is where SIEM plays an important role, thanks to its ability to correlate network, authentication, and application events and to identify deviations from normal behavior.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security teams therefore often monitor network activity in order to detect:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>large volumes of outbound file transfers,<\/li>\n\n\n\n<li>unusual uploads of data to cloud storage,<\/li>\n\n\n\n<li>communication with unusual or risky external IP addresses,<\/li>\n\n\n\n<li>sudden spikes in network bandwidth usage,<\/li>\n\n\n\n<li>data transfers outside normal working hours,<\/li>\n\n\n\n<li>repeated DNS queries for suspicious or newly registered domains,<\/li>\n\n\n\n<li>unusual encrypted communication to external destinations,<\/li>\n\n\n\n<li>access to a large number of sensitive files within a short period of time.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The volume of transferred data alone does not necessarily indicate a problem. 
What matters more is whether the activity deviates from the normal behavior of the specific user, account, or system.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For example, a finance employee who uploads a large number of files to an unknown cloud service late at night probably deserves a closer look, even if the transfer itself shows no signs of malicious activity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Through event correlation and behavioral analysis, SIEM can identify such anomalies and alert on potential data exfiltration before a significant security incident occurs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why data exfiltration is hard to detect<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Modern attackers try to disguise their activity as normal traffic. For example, they move data gradually in small batches, use legitimate cloud services, operate quietly through compromised accounts, or carry out transfers during normal working hours.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That is exactly why the context a SIEM can provide is essential. 
Through it, analysts can examine authentication events, a wide range of endpoint activity, file access records, and network communication in order to assess how risky a given data transfer is.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n                <\/defs>\n            <\/svg>\n        <\/div>\n    \n    <div class=\"infobox-content leading-normal\"><p><b>Real-world example: Detecting unusual outbound communication<\/b><\/p>\n<p>An interesting real-world example is an incident in which attackers gained access to the internal network of a North American casino through <a href=\"https:\/\/www.forbes.com\/sites\/leemathews\/2017\/07\/27\/criminals-hacked-a-fish-tank-to-steal-data-from-a-casino\/\" target=\"_blank\" rel=\"noopener\">a device monitoring a fish tank<\/a> that was connected to the internet. 
Through this device, the attackers sent approximately 10 GB of internal data to an IP address in Finland.<\/p>\n<p>This incident, which ultimately had no major impact on the casino, is often cited as an illustration of how even seemingly insignificant devices can pose a security risk and generate unusual network activity.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">6. Supporting compliance and audit requirements<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"942\" height=\"628\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-compliance-audit-support.png\" alt=\"SIEM use case compliance and audit support img\" class=\"wp-image-7415\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-compliance-audit-support.png 942w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-compliance-audit-support-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-compliance-audit-support-768x512.png 768w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Security frameworks and regulations such as PCI DSS, HIPAA, ISO 27001, SOC 2, or the requirements arising from ZoKB (the Czech Cybersecurity Act) and the NIS2 directive require organizations to record, retain, and be able to analyze security events and access to systems.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although these regulations usually do not mandate a specific technology, many organizations use SIEM as a centralized platform for managing, retaining, and analyzing logs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Meeting regulatory requirements (so-called <a href=\"https:\/\/logmanager.com\/cs\/learn\/co-je-it-compliance\/\">compliance<\/a>) is based primarily on the ability to retain and retrieve evidence of security and administrative activity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations therefore need to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>retain logs for a defined period,<\/li>\n\n\n\n<li>track access to sensitive systems and data,<\/li>\n\n\n\n<li>monitor administrative changes,<\/li>\n\n\n\n<li>investigate unauthorized access and security incidents,<\/li>\n\n\n\n<li>demonstrate that security controls are working,<\/li>\n\n\n\n<li>produce audit records and reports.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">SIEM centralizes this information and enables security and audit teams to efficiently search historical data, perform forensic analysis, and generate reports for internal and external audits.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Long-term log retention and accurate time synchronization of events across systems play a crucial role here, because audits and incident investigations often require reconstructing events that are weeks, months, or even years old.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why visibility into the IT environment matters for audits<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Meeting regulatory requirements does not in itself guarantee the ability to detect security incidents in time and handle them effectively. 
However, centralized logging, audit trails, and continuous monitoring form an important foundation for both security oversight and audit and compliance processes.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n                <\/defs>\n            <\/svg>\n        <\/div>\n    
\n    <div class=\"infobox-content leading-normal\"><p><strong>Practical example: Auditing access to financial data<\/strong><\/p>\n<p>Imagine an organization that has to review access to sensitive financial data as part of an internal audit.<\/p>\n<p>Security and compliance teams need to find out:<\/p>\n<ul>\n<li>which users accessed the systems in question,<\/li>\n<li>whether permissions were changed beforehand,<\/li>\n<li>whether sensitive data was accessed or exported,<\/li>\n<li>whether suspicious login activity appeared during the same period.<\/li>\n<\/ul>\n<p>With SIEM, analysts can link authentication logs, administrative changes, and data access audit records and reconstruct a timeline of events. This makes incident investigations, internal reviews, and the preparation of audit evidence considerably easier.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">7. 
Monitoring cloud and SaaS environments<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"943\" height=\"628\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-cloud-monitoring.png\" alt=\"SIEM use case cloud monitoring\" class=\"wp-image-7417\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-cloud-monitoring.png 943w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-cloud-monitoring-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-cloud-monitoring-768x511.png 768w\" sizes=\"auto, (max-width: 943px) 100vw, 943px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">With the growing use of cloud and SaaS services, monitoring platforms such as Microsoft 365, AWS, Azure, or Salesforce has become one of the most significant SIEM use cases.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cloud environments bring specific security risks. Permissions change more frequently, new SaaS integrations appear continuously, and users can access systems from a variety of devices and networks from practically anywhere.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In cloud environments, organizations track many of the same indicators as in on-premises environments, as well as events specific to cloud services. 
These include, for example, failed logins, changes to IAM policies and permissions, unusual administrator activity, approval of new OAuth applications and SaaS integrations, data downloads from cloud storage, API activity, or configuration changes that affect security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why the cloud requires extra attention<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Cloud environments change very quickly and are not always subject to the same approval processes as traditional infrastructure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>users can approve SaaS integrations themselves,<\/li>\n\n\n\n<li>permissions can gradually expand,<\/li>\n\n\n\n<li>temporary cloud resources can remain active longer than intended,<\/li>\n\n\n\n<li>misconfigured storage can expose sensitive data to the public.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Many of these changes do not trigger immediate alerts, which increases the importance of continuous monitoring and regular evaluation of security events.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g 
clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n                <\/defs>\n            <\/svg>\n        <\/div>\n    \n    <div class=\"infobox-content leading-normal\"><p><b>Real-world example: Investigating a suspicious Microsoft 365 login<\/b><\/p>\n<p>The following example shows the investigation of <a href=\"https:\/\/logmanager.com\/cs\/docs\/how-to\/vysetreni-podezreleho-office365-login\/\">a suspicious login to a Microsoft 365 environment<\/a> and the analyst's workflow from the initial alert to determining the actual scope of the potential compromise.<\/p>\n<p>The example shows how to tie together the source IP address, related user accounts, file activity, and authentication events to quickly assess whether the login is legitimate, the result of a user error, or part of an account compromise.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">8. Threat hunting and proactive security analysis<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"942\" height=\"627\" src=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-threat-hunting.png\" alt=\"SIEM use case threat hunting\" class=\"wp-image-7419\" srcset=\"https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-threat-hunting.png 942w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-threat-hunting-300x200.png 300w, https:\/\/logmanager.com\/wp-content\/uploads\/2026\/06\/siem-use-case-threat-hunting-768x511.png 768w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Threat hunting focuses on actively searching for signs of compromise that have slipped past automated detection mechanisms. 
Analysts work with hypotheses and look for behavior patterns that suggest the presence of an attacker in the environment. 
They also often work not only with SIEM but with other security tools such as EDR and NDR (we cover the differences between these security tools and SIEM in a <a href=\"https:\/\/logmanager.com\/cs\/learn\/co-je-to-siem\/\">separate article<\/a>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Typical indicators include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>previously unused accounts that suddenly become active,<\/li>\n\n\n\n<li>sporadic VPN logins at unusual times,<\/li>\n\n\n\n<li>unusual PowerShell commands,<\/li>\n\n\n\n<li>unexpected outbound communication,<\/li>\n\n\n\n<li>connections to known malicious infrastructure,<\/li>\n\n\n\n<li>administrative changes made by atypical accounts,<\/li>\n\n\n\n<li>long-running, low-priority anomalies.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">SIEM provides centralized access to historical logs and events, which form an important foundation for threat hunting. 
Because data can be analyzed over a longer time horizon, analysts can uncover connections that individual alerts would not reveal on their own.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n                <\/defs>\n            <\/svg>\n        <\/div>\n    \n    <div class=\"infobox-content leading-normal\"><p>Similar techniques are also used in insider threat monitoring, which focuses on risky behavior by legitimate users.<\/p>\n<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">How SIEM systems support threat hunting<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Threat hunting is based on the ability to analyze historical data and look for connections that have slipped past automated detection mechanisms.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security teams often need to analyze weeks or months of authentication records, compare current activity with historical behavior, track events associated with a specific user, system, or IP address, and verify whether seemingly unrelated events are part of a broader attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SIEM provides centralized access to logs from various sources and enables fast searching of historical data, event correlation, and the creation of activity timelines across the entire environment. 
This allows analysts to efficiently connect information from authentication systems, endpoints, network devices, cloud services, and applications.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If, for example, an analyst notices an account that, after a long period of inactivity, has started generating VPN logins at atypical times, they can use the SIEM to quickly check related activity. 
Follow-up analysis may reveal access to unusual systems, use of administrative tools, or non-standard outbound communication.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Only by connecting these seemingly unrelated events can it become clear that an attacker has been testing access to the environment over a long period and deliberately avoiding detection. 
It is precisely this ability to search, correlate, and analyze historical events in a broader context that is among the most important ways SIEM tools support threat hunting.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What to focus on when choosing a SIEM system<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Although the requirements of individual organizations differ, there are several areas that matter to almost all of them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A modern SIEM solution should offer:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>reliable log collection, normalization, and enrichment,<\/li>\n\n\n\n<li>fast search and an efficient investigation workflow,<\/li>\n\n\n\n<li>the ability to create advanced correlation rules and alerts,<\/li>\n\n\n\n<li>integrations with cloud and SaaS platforms,<\/li>\n\n\n\n<li>support for threat intelligence and behavioral analysis,<\/li>\n\n\n\n<li>scalable data collection, storage, and archiving,<\/li>\n\n\n\n<li>dashboards, reporting, and audit outputs,<\/li>\n\n\n\n<li>flexible management of users and access permissions,<\/li>\n\n\n\n<li>options for automating security processes and integrating with other tools.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Usability is just as important as features. Even the best SIEM can slow analysts down if searching is complicated, rule management is confusing, or the volume of generated alerts is unmanageable. 
Security teams must be able to use the platform effectively and get relevant information from it without unnecessary administrative burden (we cover this topic in a <a href=\"https:\/\/logmanager.com\/cs\/blog\/kdy-logovani-nestaci-ale-siem-je-uz-moc\/\">separate article<\/a>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When choosing a SIEM, it is therefore advisable to evaluate not only the number of features but also the speed of working with data, the quality of integrations, the management overhead, and the total operating costs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why the implementation approach matters<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Many problems associated with operating a SIEM are not technical but process-related.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The effectiveness of the solution can be significantly reduced by, for example, poorly configured alerts, inconsistent log collection, excessive noise, unclear responsibilities, or outdated detection rules.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Organizations therefore usually achieve better results if, when implementing a SIEM, they start with a few high-value use cases, pay attention to log quality and normalization from the start, continuously tune alerts and correlation rules, regularly evaluate detection logic, and tie monitoring to real operational risks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The most successful SIEM implementations generally do not try to monitor everything at once. 
They focus on specific security goals and gradually expand their coverage according to the organization's needs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">In conclusion: SIEM is much more than a tool for generating alerts<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">SIEM is not just a tool for collecting logs and generating alerts. Its main benefit is the ability to connect events across the entire IT environment and give security teams the context they need to make fast, correct decisions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But whether an organization is dealing with threat detection, visibility, or the need to meet regulatory requirements, success always rests on quality data, effective event correlation, and well-established processes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As modern IT environments grow more complex, the ability to quickly identify connections between security events will become increasingly important. 
This is where a SIEM delivers the greatest value, because it helps turn large volumes of logs into information that can be acted on effectively.<\/p>\n\n\n<div class=\"flex items-start gap-4 lg:gap-6 bg-white rounded-2xl lg:rounded-24 p-6 pr-8 lg:p-8 lg:pr-10 my-6 lg:my-10\">\n            <div class=\"shrink-0 size-7\">\n            <svg width=\"28\" height=\"28\" viewBox=\"0 0 28 28\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                <g clip-path=\"url(#clip0_2972_5339)\">\n                <path d=\"M14.0025 28.0049C21.7358 28.0049 28.0049 21.7358 28.0049 14.0025C28.0049 6.26912 21.7358 0 14.0025 0C6.26912 0 0 6.26912 0 14.0025C0 21.7358 6.26912 28.0049 14.0025 28.0049Z\" fill=\"#00E24A\"\/>\n                <path d=\"M12.9659 20V11.2727H15.3864V20H12.9659ZM14.1818 10.1477C13.822 10.1477 13.5133 10.0284 13.2557 9.78977C13.0019 9.54735 12.875 9.25758 12.875 8.92045C12.875 8.58712 13.0019 8.30114 13.2557 8.0625C13.5133 7.82008 13.822 7.69886 14.1818 7.69886C14.5417 7.69886 14.8485 7.82008 15.1023 8.0625C15.3598 8.30114 15.4886 8.58712 15.4886 8.92045C15.4886 9.25758 15.3598 9.54735 15.1023 9.78977C14.8485 10.0284 14.5417 10.1477 14.1818 10.1477Z\" fill=\"white\"\/>\n                <\/g>\n                <defs>\n                <clipPath id=\"clip0_2972_5339\">\n                <rect width=\"28\" height=\"28.0049\" fill=\"white\"\/>\n                <\/clipPath>\n                <\/defs>\n            <\/svg>\n        <\/div>\n    \n    <div class=\"infobox-content leading-normal\"><p><strong>How does a SIEM work in real-world operation?<\/strong><\/p>\n<p>SIEMs are complex systems, and every organization uses them a little differently depending on its own environment, industry, risks, security priorities, and regulatory requirements.<\/p>\n<p>If you would like to see 
a concrete use of a SIEM in practice, take a look at the case study of a healthcare organization.<\/p>\n<p>\u2192 <a href=\"\/?resource_category=pripadova-studie-nemocnice-jihlava\">Read the case study<\/a><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Learn more about using SIEM systems in practice.<\/p>\n","protected":false},"author":4,"featured_media":7403,"parent":0,"template":"","learning_hub_tag":[],"class_list":["post-7464","learning_hub","type-learning_hub","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub\/7464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub"}],"about":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/types\/learning_hub"}],"author":[{"embeddable":true,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/users\/4"}],"version-history":[{"count":4,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub\/7464\/revisions"}],"predecessor-version":[{"id":7468,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub\/7464\/revisions\/7468"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/media\/7403"}],"wp:attachment":[{"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/media?parent=7464"}],"wp:term":[{"taxonomy":"learning_hub_tag","embeddable":true,"href":"https:\/\/logmanager.com\/cs\/wp-json\/wp\/v2\/learning_hub_tag?post=7464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}