SIEM Usage

From Glitchdata
Jump to navigation Jump to search


  • Develop Use Cases
    • Implementing a security information and event management (SIEM) process helps ensure that incidents are correctly identified and handled appropriately.
    • Because an SIEM process depends on log analysis based on predefined rules, the most effective way to reduce false-positive alerts is to develop use cases for known threats to identified critical systems.
    • The use cases would then be used to develop appropriate rules for the SIEM solution.