REDLEGG BLOG

Tips and Tricks for Supporting SIEM Systems

Jul 9, 2017 12:27:46 PM  |  by Laura Hees

Master Tickets
The ticketing systems primary responsibilities within the SIEM system are to organize, describe and archive event investigations and incidents. What is done to make the events actionable or relative documented data in the ticketing systems is critical. Don’t make it complicated just do it. Rate, document and define the process and work flow.

Environmental Awareness
Plugged in to previous vulnerabilities and weaknesses helps with providing a proactive stance and helps make the SIEM more effective.

Understanding of the Hacker Mindset
It is important to be proactive in its approach to security. Using a passive defensive approach is painful and counterproductive when it comes to discovery and prevention of attacks. SIEM teams need to understand the anatomy of a hack and to understand where and how breaches can occur.

Reporting Structure
SIEM teams needs to have precedence over other operating teams so swift actions can be taken during emergencies. Keep the SIEM function separate so there are no operational responsibilities leading to conflict of interests.

Subscribe to Our Blog

Follow everything RedLegg as we provide comprehensive solutions for real-world data protection and security challenges.

Related Articles

6 Steps of Vulnerability Scanning Best Practices blog

6 Steps of Vulnerability Scanning Best Practices

Vulnerability scanning (vuln-scan) is the process of finding exploits, flaws, security holes, insecure access entry ...
How to Maximize your MSS Experience blog

How to Maximize your MSS Experience

Your Managed Security Services provider is a crucial player in your overall security posture, and our number one goal ...