I'm the owner of a small tech services company.
I'm looking for help with a template for a SIEM PoC (high-level, generic document). Can anyone help?
Thank you, Dan
Most SIEM vendors have a PoC script that they will run you through, but it is typically customized for their architecture. Are you looking for a basic PoC script, or something tailored to a specific use case?
This might help - https://resources.infosecinstitute.com/best-guide-for-preparation-of-siem-poc-proof-of-concept/
(Disclaimer: I work for Securonix. If you're looking to begin a SIEM purchase exercise, I advise incorporating next-gen SIEM requirements in your PoC.)
How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?
Which products are best for SIEM, and which are better for log management? Do you have recommendations for products that effectively combine both log management and SIEM?
Buying a SIEM solution, especially for a large enterprise, is a massive decision.
How long does your organization spend on making this decision? How long does it then take to implement?
What are your considerations before pulling the trigger on a particular solution?
What's your shortlist process like?
How do you do your research?
What are your primary considerations?
How do independent user review sites like IT Central Station, or independent analyst reviews, influence your decision?
Would love to hear your thoughts. Thanks in advance :)