Workshop: SIEM Best Practices


Virtual | March 24, 2021


The SIEM Workshop is a new virtual experience for any security professional looking to better secure their business using the LogRhythm platform.

Optimize your SIEM.

Knowledge that will save you time, save your business money, and spare your team growing pains in the long run.

With talk tracks designed for management and technical folks alike, you'll find information applicable to everyone on the team. Prepare to take away some action items that will help you optimize and maintain your SIEM investment.

As a SIEM service partner for the past 10+ years, we've learned some tips and tricks along the way about what works... and what doesn't. We invite you to share your own experiences from your unique vertical and business; they will lend additional insight and start conversations.

While more traditional webinars are great for individual growth, we're giving you a platform to engage, participate, and ask all your questions. We hope you'll feel like you're sitting in the same room as your colleagues, growing together and learning from each other.

Come ready with the hardest roadblocks you have, and see if you can stump the expert. Our RedLegg mentor and leader has been in your shoes before, and he understands your frustrations and woes. Prepare to strengthen your skills in your career path and take away lessons for the long road.

Workshop schedule

Wednesday, 3/24/21

  • 10am - 11am CT
    • Security Tools vs Operations Tools - Learn the differences between security-focused and operations-focused tools and the impact that each can have within your environment. Emphasis will be placed on knowing the use cases for each and how a mature practice implements both.
    • Designing for Growth - Planning the growth of your logging infrastructure is a long-term effort. While you may scope for your current logging environment, planning for future growth and resource needs is critical to getting the most out of an expensive SIEM investment.
    • Do's And Don'ts Of Windows Logging - With Windows logging, a lot of information is collected and forwarded to a logging solution. This talk discusses the key points and value in collecting Windows logs and focuses on the things to keep in mind so that valuable information does not slip through the cracks of the noise.
  • 11am - 11:15am CT
    • Break
  • 11:15am - 12:15pm CT
    • Why Fewer Well Tuned Rules Are Better Than Many - It can be difficult to know where to begin with enabling security rules within any logging solution. Our architect will review best practices around LogRhythm and explain how a manageable ruleset can be attained (e.g. in some cases, a "Less is More" approach with solidly built rules and adherence to an appropriate framework).
    • Top Log Sources You Should Be Ingesting & Why - Discussion will focus on what you NEED to log to get the necessary visibility into the critical aspects of your logging environment. This includes potentially sensitive information, risk platforms, and potential ingress/egress points. We'll also discuss the key points and value in collecting Windows logs, focusing on what to keep in mind so that valuable information doesn't slip through the cracks of the noise.
    • Proactive System Management - When playing the long game in security, your SIEM's health is of utmost importance. We'll dive into ways you and your team can be proactive in maintaining your SIEM's event management, DX health, and processing health to ensure that you remain smooth sailing over the years to come.
  • 12:15pm - 12:30pm CT
    • Additional Q&A

Post-Attendee Resources

Review additional content produced by RedLegg SMEs, including some around IR topics.

  • Webinars
  • Best practice handout guides
  • Workshop recording
  • Workshop slides

Your Workshop leader

Tim Strack
Principal Sales Engineer
Tim Strack is a customer-centric Principal Sales Engineer with over 20 years of IT and IS experience, the last 13 years focused on SIEM, SOAR, and UEBA. Tim has also worked for LogRhythm, Splunk, LogPoint, and EventTracker during his tenure.

"My expectations were met and actually exceeded." -J.

"Lots of great knowledge through RedLegg in ways that are easy to understand that create operational impact." -S.

"Informative, practical advice from a wealth of experience in the trenches." -K.



(And it was free.)