During recent months, my focus has been the evaluation of some Security Information and Event Management (SIEM) products. It is interesting and full of new experiences. I create a baseline feature list for the SIEM products, which is derived from multiple products and best practices.
The baseline is comprised of 5 susbsystems:
I am also preparing to perform the evaluations is a lab environment. As a result, I am setting up a testing environment with my team to provide different logs to the products.
I recommend the contents presented by Dr. Anton Chuvakin as a very useful reference.
The baseline is comprised of 5 susbsystems:
- Log management and analysis
- Event correlation
- Management console/dashboards
- Reaction
- Knowledge base
I am also preparing to perform the evaluations is a lab environment. As a result, I am setting up a testing environment with my team to provide different logs to the products.
I recommend the contents presented by Dr. Anton Chuvakin as a very useful reference.
No comments:
Post a Comment