What we do is offer SOC as a service in Sri Lanka. We have a physical SOC based on this product. We find the SIEM is, of course, the main focus of any client. The incident reporting, the logging, and then the alarms or alerts being reported come in as the number one purpose for adopting the product.  

Next will come things like asset discovery where sometimes the client does not have the resources to put into the ultimate solution or their network. Then things like the summarization of events and incidents are important. Most clients like to have weekly reports from us which tell them where the areas are that they need to look at. With the AT&T MSSP (Managed Security Services Provider) product that we are using, it is very easy to customize the reports. Then the correlation of our drilling down to diagnose the incidents also becomes very easy. The features related to the SIEM are really easy to handle and once you get to know the dashboards and the features, they make it very easy to drill down to the issues.