Thursday, April 15, 2010

SIEM is difficult

Let's face it: deploying a SIEM solution that gives you value is difficult. It's not enough to install the solution and configure the different log sources to send their events.

You need to customize the predefined content to your needs or create new content from scratch. That takes time, not only from the consultant who deploys the solution, but from all the different stakeholders who want to get something from the shiny new SIEM tool that was installed. Otherwise you can end up with a tool that nobody uses proactively, just a place to store logs, nothing else.

It's sad, but it can happen. You need to build your system from the floor to the roof, not the other way around. It sounds obvious, but sometimes it is not.

Wednesday, April 14, 2010

Welcome to the Smart SIEM blog

Hi there,

Welcome to the Smart SIEM blog (if you don't know what SIEM is, this is not your blog).

A picture is worth a thousand words: