Security Information and Event Management (SIEM) Questions
Sep 13 2021
Hot data is necessary for live security monitoring.
Archive data (cold data) is not available fastly. It takes days to make archive data live if the archive data time frame is more than 30 days (in most of the SIEM solutions).
As an example, SolarWinds said the attackers first compromised its development environment on Sept. 4, 2019. So, to investigate the SolarWinds case, we have to go back to Sept. 4, 2019, from now on (July 13, 2021). In this case, we need at least 18 months of live data.
The second example of why hot data is critical is from the IBM data breach report. The average time to identify and contain a breach is 280 days, according to this report.
Hot data gives defenders the quick access they need for real-time threat hunting, but hot data is more expensive than the archive option in current SIEM solutions.
Keeping data hot for SIEM use is inevitably one of the most expensive data storage options.
What are your thoughts about it, dear professionals?
Aug 27 2021
What is the best way to deploy agents/sensors (such as a SIEM agent) in large-scale Windows environments?
Any hands-on tips or recommendations?
Sep 03 2021
When one writes detection rules for SIEM solutions, what are the criteria of a good detection rule?
Can you share any examples?
Aug 24 2021
Once a SIEM is deployed successfully, what are the top use cases you'd recommend to implement for the Microsoft environment?
Thank you in advance!
Aug 10 2021
Which SIEM for small/medium-sized companies do you consider the most economical?
Splunk, Security Onion, UTMStack, other? What do you like about it vs other ones?
Aug 12 2021
Is Rapid7 InsightIDR an efficient solution (to be used in SOC as an analysis tool) in comparison with other SIEM products, such as IBM QRadar, Splunk, and LogRhythm NextGen SIEM?
Aug 27 2021
Hi community members,
Let's discuss what are the main differences between UEBA (User and Entity Behavior Analytics) and SIEM (Security Information and Event Management) solutions.
Sep 08 2021
We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting?
Please share your opinion on how these trends are going to influence the future of the relevant solutions, tools, etc. used in SOC.
Looking forward to hearing your insights,
Apr 16 2021
Hi, I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.
Can anyone help with insights?
Aug 09 2021
I have slowly switched our entire network over to Fortinet products over the past few years and been pleased with the products overall.
I would like to utilize FortiSIEM for more robust monitoring and response, but the cost is extremely prohibitive for my company (<25 employees). Suggestions?
Jun 28 2021
There are many cybersecurity tools available, but some aren't doing the job that they should be doing.
What are some of the threats that may be associated with using 'fake' cybersecurity tools?
What can people do to ensure that they're using a tool that actually does what it says it does?
Aug 09 2021
How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?
Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?
Do you have recommendations for the best SIEM tool to invest in for a large financial services provider? What particular features of your recommended tool make it the best choice?
Mar 23 2021
I'm the owner of a small tech services company.
I'm looking for help with a template for a SIEM PoC (high-level, generic document). Can anyone help?
Thank you, Dan
Sep 07 2021
What are the differences between how NDR and SIEM work?
What are the pros and cons of each? Is it necessary to have both types of tools?
Can anyone advise on which SIEM will work best with Palo Alto Cortex XDR?
I work at mid-sized enterprise bank. I am researching SIEM solutions. Which is the best tool for security information and event management: Arcsight or Securonix?
Aug 31 2021
SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security?
If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commonalities. They both collect data, but the quantity of data, type of data, and type of response is where they differ. As threats have advanced, security professionals may be in need of both.
That's where SOAR and SIEM come to the rescue, although there has been some confusion as to the difference between the two. The two technologies have different competencies, but can be combined to increase a security team's or SOC's effectiveness.
SIEM vs SOAR
In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response engine to those alerts.
SIEM is the collection and aggregation of security data sourced from integrated platforms logging event-related data - firewalls, network appliances, intrusion detection and prevention systems, etc. - then correlates data across devices, categorizes, and analyzes incidents before issuing alerts. The alerts are identified by using sophisticated analytical techniques and machine learning, which require fine tuning. This leaves a lot of alerts for a security team or SOC to prioritize and remediate; a difficult, time-consuming process.
SOAR, on the other hand, is designed to help security teams automate the response process by gathering alerts, managing cases, and responding to the endless alerts generated by SIEM. With SOAR, security teams can integrate with security alerts and create adaptive, automated incident response workflows. This gives SecOps the ability to prioritize threats and deliver faster results.
May 29 2021
Are event correlation and aggregation both needed for effective event monitoring and SIEM?
Jul 26 2021
Hi dear community members,
There's a lot of SIEM solutions. SIEMs are not something you just install and wait for great things to happen, right?
What questions should someone ask before purchasing a SIEM?
Help your peers ask the right questions so that they'll make the best decision.
Product CategoriesSecurity Information and Event Management (SIEM)
Download our free Security Information and Event Management (SIEM) Report and find out what your peers are saying about empow, Amazon, Splunk, and more!
- What is the difference between IT event correlation and aggregation?
- What Questions Should I Ask Before Buying SIEM?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
- What is the difference between SIEM and SOAR platforms?
- How does Network Detection and Response (NDR) Differ from SIEM?
- What is the difference between log management and SIEM?
- Which SIEM is best fit with Palo Alto Cortex XDR?
- What are the main differences between UEBA and SIEM solutions?
- What are the top use cases to implement after deploying a SIEM?