The ticketing system's primary responsibilities within the SIEM system are to organize, describe and archive event investigations and incidents. What is done to make the events actionable, and how the related data is documented in the ticketing system, is critical. Don't make it complicated; just do it. Rate, document and define the process and workflow.
Being plugged in to previously recorded vulnerabilities and weaknesses supports a proactive stance and makes the SIEM more effective.
Understanding of the Hacker Mindset
It is important for the SIEM team to be proactive in its approach to security. A passive, purely defensive approach is painful and counterproductive when it comes to discovering and preventing attacks. SIEM teams need to understand the anatomy of a hack and where and how breaches can occur.
SIEM teams need to have precedence over other operating teams so that swift action can be taken during emergencies. Keep the SIEM function separate so that it carries no operational responsibilities that would lead to conflicts of interest.