SIEM Usage

From Glitchdata
Revision as of 00:48, 12 October 2021 by Jasonchen

  • Develop Use Cases
    • Implementing a security information and event management (SIEM) process helps ensure that incidents are correctly identified and handled appropriately.
    • Because a SIEM process depends on log analysis based on predefined rules, the most effective way to reduce false-positive alerts is to develop use cases for known threats to identified critical systems.
    • The use cases are then used to develop appropriate rules for the SIEM solution.
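
The use-case-to-rule step described above, as an added example that is not part of the original page: one written use case is turned into a scoped rule and compared with an unscoped threshold rule over the same events. The use case, host names, addresses, thresholds and log events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical use case, written down before any rule exists (all values constructed).
USE_CASE = {
    "name": "Password guessing against critical systems",
    "critical_hosts": {"db-prod-01", "dc-01"},
    "event": "auth_failure",
    "threshold": 5,
    "window": timedelta(minutes=5),
}

def _ev(minute, second, host, src, event="auth_failure"):
    return (datetime(2021, 10, 12, 9, minute, second), host, src, event)

# Constructed sample events: (timestamp, host, source, event)
EVENTS = (
    [_ev(0, i * 10, "db-prod-01", "10.0.5.23") for i in range(6)]  # burst, critical host
    + [_ev(1, i * 10, "kiosk-17", "10.0.9.4") for i in range(6)]   # burst, non-critical host
    + [_ev(i * 10, 0, "dc-01", "10.0.2.8") for i in range(5)]      # 5 failures over 40 minutes
    + [_ev(2, 0, "db-prod-01", "10.0.5.40", "auth_success")]
)

def generic_rule(events, threshold=5):
    """Unscoped baseline: any host/source pair with >= threshold failures, ever."""
    counts = defaultdict(int)
    for _, host, src, event in events:
        if event == "auth_failure":
            counts[(host, src)] += 1
    return sorted(k for k, n in counts.items() if n >= threshold)

def use_case_rule(events, uc):
    """Rule derived from the use case: critical hosts only, sliding time window."""
    recent = defaultdict(list)
    alerts = set()
    for ts, host, src, event in sorted(events):
        if event != uc["event"] or host not in uc["critical_hosts"]:
            continue
        times = recent[(host, src)]
        times.append(ts)
        while ts - times[0] > uc["window"]:  # drop failures older than the window
            times.pop(0)
        if len(times) >= uc["threshold"]:
            alerts.add((host, src))
    return sorted(alerts)

if __name__ == "__main__":
    print("generic :", generic_rule(EVENTS))
    print("use case:", use_case_rule(EVENTS, USE_CASE))
```

On this constructed data the unscoped rule raises three alerts, while the rule derived from the use case raises one, for the burst against the critical host.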