Workshop: SIEM Best Practices


Chicago | May 12, 2022


The SIEM Workshop is an opportunity for any security professional looking to better secure their business using the LogRhythm platform.

Optimize your SIEM.

Knowledge that will save you time, your business money, and your team growing pains in the long run.




With talk tracks designed for management and technical folks alike, you'll find information applicable to everyone on the team. Prepare to take away some action items that will help you optimize and maintain your SIEM investment.



As a SIEM service partner these past 10+ years, we've learned some tips and tricks along the way in what works... and what doesn't. We invite you to share your own experiences, in your unique vertical and business, that will lend additional insight and start conversations.



While your more traditional webinars are great for individual growth, we're giving you a platform to engage, participate, and ask all your questions. We hope you'll feel like you're sitting in the same room as your colleagues, growing together and learning from each other.



Come ready with the hardest roadblocks you have, and see if you can stump the expert. Our RedLegg mentor and leader has been in your shoes before, and he understands your frustrations and woes. Prepare to strengthen your skills in your career path and take away lessons for the long road.

Workshop Agenda

  • What are you Protecting - Identifying the key systems that are most critical to your organization
  • Top Log Sources You Should Be Ingesting & Why - Discussion will focus on what you NEED to log to get the necessary visibility into the critical aspects of your logging environment. This includes potentially sensitive information, risk platforms, and potential ingress/egress points. We’ll also discuss the key points and values in collecting Windows logs, focusing on what to keep in mind so that valuable information doesn’t slip through the cracks of noise.
  • Designing for Growth - Planning the growth of your logging infrastructure is a long-term effort, and while you may scope for your current logging environment, future growth and resource planning are critical to getting the most out of an expensive SIEM investment.
  • Alarm Strategies - It can be difficult to know where to begin with enabling security rules within any logging solution. Our architect will review best practices around LogRhythm and explain how a manageable ruleset can be attained (e.g., in some cases, a “Less is More” approach with solidly built rules and following an appropriate framework).
  • Proactive System Management - When playing the long game in security, your SIEM health is of utmost importance. We’ll dive into ways you and your team can be proactive in maintaining your SIEM’s event management, DX health, and processing health to ensure smooth sailing over the years to come.
  • Advanced Configuration Recommendations - A deep dive into the LogRhythm System to look at more advanced settings that can improve functionality and performance.
  • Value of True ID - Understanding why this tool can simplify identifying user activity and improve behavior analytics.

Post-Attendee Resources

Review additional content produced by RedLegg SMEs, including some around IR or Advisory topics as well.

  • Access to Additional Webinars
  • Best practice handout guides
  • Workshop slides

Your Workshop leader

Chris Young
Senior Deployment Engineer
Chris Young is a veteran solutions professional with over 20 years of IT and Cybersecurity experience; the last 7 years at RedLegg have been focused on SIEM deployment and optimization. Chris brings subject matter expertise in both deployment and integration as well as daily management and optimization of the LogRhythm platform.


"My expectations were met and actually exceeded." -J.

"Lots of great knowledge through RedLegg in ways that are easy to understand that create operational impact." -S.

"Informative, practical advice from a wealth of experience in the trenches." -K.