REDLEGG BLOG

Tips and Tricks for Supporting SIEM Systems

Jul 9, 2017 12:27:46 PM  |  by Laura Hees

Master Tickets
The ticketing systems primary responsibilities within the SIEM system are to organize, describe and archive event investigations and incidents. What is done to make the events actionable or relative documented data in the ticketing systems is critical. Don’t make it complicated just do it. Rate, document and define the process and work flow.

Environmental Awareness
Plugged in to previous vulnerabilities and weaknesses helps with providing a proactive stance and helps make the SIEM more effective.

Understanding of the Hacker Mindset
It is important to be proactive in its approach to security. Using a passive defensive approach is painful and counterproductive when it comes to discovery and prevention of attacks. SIEM teams need to understand the anatomy of a hack and to understand where and how breaches can occur.

Reporting Structure
SIEM teams needs to have precedence over other operating teams so swift actions can be taken during emergencies. Keep the SIEM function separate so there are no operational responsibilities leading to conflict of interests.

Subscribe to Our Blog

Follow everything RedLegg as we provide comprehensive solutions for real-world data protection and security challenges.

Related Articles

Successful: LogRhythm SIEM Workshop Chicago events, siem, mss

Successful: LogRhythm SIEM Workshop Chicago

REGISTER FOR THE JULY WORKSHOP HERE On February 28th, RedLegg hosted a successful full-day workshop in Chicago for ...
MDR vs Managed SIEM: The Best MSS Solution siem, mss

MDR vs Managed SIEM: The Best MSS Solution

Many publications compare Managed Detection and Response (MDR) to Managed Security Services (MSS), but this premise may ...