The new (old) SIEM papers are out!


As Anton has already mentioned (here and here), our update of the big SIEM paper has been split into two new papers:

How to Architect and Deploy a SIEM Solution
SIEM is expected to remain a mainstay of security monitoring, but many organizations struggle to deploy the technology. This guidance framework provides a structured approach for technical professionals working to architect and deploy a SIEM solution.
Published: 16 Oct 2018
Anton Chuvakin | Anna Belak | Augusto Barros

How to Operate and Evolve a SIEM Solution
Managing and using a SIEM is hard, and many projects are stuck in compliance-only or low-value deployments. Most SIEM problems come from the operations side, not from broken tools. This guidance supports security-focused technical professionals working to run, tune and make use of SIEM tools.
Published: 05 Nov 2018
Augusto Barros | Anton Chuvakin | Anna Belak



We decided to split the document so we could expand on those two main activities, deploying and operating a SIEM, without the burden of producing a document so big it would scare the readers away. A nice secondary result is that we were able to put together separate guidance frameworks for each of these activities. Some of my favorite pieces of each document:


“User and entity behavior analytics (UEBA)-SIEM convergence enables organizations to also include UEBA-centric use cases and machine learning (ML) capabilities in their deployment initiatives.” (A hype-free way to talk about “OMG AI AI!”)

“Staff shortages and the threat landscape drive many organizations to SaaS SIEM, co-managed SIEM and service-heavy models for their SIEM deployments and operation.” (Because, in case you haven’t noticed, SIEM NEEDS PEOPLE TO OPERATE)

“Adopt the “output-driven SIEM” model, where nothing comes into a SIEM tool unless there is a clear understanding of how it would be used.” (I know it’s old, but hey, this is our key advice for people deploying SIEM! So, still a favorite)

“Deploy use cases requiring continuous baselining and anomaly detection, such as user account compromise detection, using ML/advanced analytics features previously associated with UEBA” (because it’s not all marketing rubbish: these use cases are the perfect fit for UEBA capabilities)
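To make the account compromise use case above concrete, here is an added example (my own illustration, not code or logic from the Gartner papers): a small baseline-and-anomaly detector run over constructed authentication log lines. The log format, the scoring weights and the sample users are assumptions made for the example. It learns per-user baselines (countries and hours of successful logins, plus the mean and standard deviation of daily failed logins) from a training window, then scores a detection window for a login from a never-seen country, a login at an unusual hour, and a burst of failures beyond the baseline.

```python
"""Baselining + anomaly detection for user account compromise (added example)."""
import math
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed log format for this example (not a real product format):
#   <ISO8601 UTC> auth: user=<name> src_country=<alpha-2> result=success|failure
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) auth: user=(?P<user>\S+) "
    r"src_country=(?P<cc>[A-Z]{2}) result=(?P<res>success|failure)$"
)

# Illustrative weights (assumption); tune against your own false-positive rate.
WEIGHTS = {"new_country": 3, "unusual_hour": 1, "failure_burst": 2, "no_baseline": 1}


def parse_line(line):
    """Parse one auth line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "cc": m["cc"], "ok": m["res"] == "success"}


def build_baseline(lines):
    """Per-user profile from a training window: countries and hours of successful
    logins, and mean/std of daily failure counts (zero-failure days included)."""
    seen = defaultdict(lambda: {"countries": set(), "hours": set(),
                                "days": set(), "fails": defaultdict(int)})
    for ev in filter(None, map(parse_line, lines)):
        p, day = seen[ev["user"]], ev["ts"].date()
        p["days"].add(day)
        if ev["ok"]:
            p["countries"].add(ev["cc"])
            p["hours"].add(ev["ts"].hour)
        else:
            p["fails"][day] += 1
    baseline = {}
    for user, p in seen.items():
        counts = [p["fails"].get(d, 0) for d in p["days"]]
        mean = sum(counts) / len(counts)
        std = math.sqrt(sum((c - mean) ** 2 for c in counts) / len(counts))
        baseline[user] = {"countries": p["countries"], "hours": p["hours"],
                          "fail_mean": mean, "fail_std": std}
    return baseline


def score_window(baseline, lines, alert_at=3, sigma=3.0, min_failures=5):
    """Score a detection window against the baseline. Returns {user: {score, reasons}}
    for users at or above alert_at; each reason counts once per user per window."""
    reasons, failures = defaultdict(set), defaultdict(int)
    for ev in filter(None, map(parse_line, lines)):
        user, prof = ev["user"], baseline.get(ev["user"])
        if prof is None:
            reasons[user].add("no_baseline")
        elif not ev["ok"]:
            failures[user] += 1
        else:
            if ev["cc"] not in prof["countries"]:
                reasons[user].add("new_country")
            if ev["ts"].hour not in prof["hours"]:
                reasons[user].add("unusual_hour")
    for user, n in failures.items():
        prof = baseline[user]
        # Require both a statistical excursion and an absolute floor, so a user whose
        # baseline is all zeros (std 0) does not alert on a single typo.
        if n >= min_failures and n > prof["fail_mean"] + sigma * prof["fail_std"]:
            reasons[user].add("failure_burst")
    findings = {}
    for user, rs in reasons.items():
        score = sum(WEIGHTS[r] for r in rs)
        if score >= alert_at:
            findings[user] = {"score": score, "reasons": sorted(rs)}
    return findings


def constructed_baseline_lines():
    """Two weeks of constructed 'normal' activity: alice works US hours with an
    occasional typo, bob logs in from DE every morning."""
    lines = []
    for day in range(1, 15):
        d = f"2018-10-{day:02d}"
        lines.append(f"{d}T09:05:00Z auth: user=alice src_country=US result=success")
        lines.append(f"{d}T17:40:00Z auth: user=alice src_country=US result=success")
        if day % 4 == 0:
            lines.append(f"{d}T09:04:00Z auth: user=alice src_country=US result=failure")
        lines.append(f"{d}T08:30:00Z auth: user=bob src_country=DE result=success")
    return lines


# Constructed detection window: a burst of failures against alice from a country she
# has never used, at 03:00 UTC, followed by a success; bob is normal; carol is unknown.
CONSTRUCTED_WINDOW = (
    [f"2018-11-05T03:{m:02d}:00Z auth: user=alice src_country=RU result=failure"
     for m in range(12)]
    + ["2018-11-05T03:14:00Z auth: user=alice src_country=RU result=success",
       "2018-11-05T08:35:00Z auth: user=bob src_country=DE result=success",
       "2018-11-05T10:00:00Z auth: user=carol src_country=US result=success",
       "garbage line the parser must skip"]
)


def run_example():
    return score_window(build_baseline(constructed_baseline_lines()), CONSTRUCTED_WINDOW)


if __name__ == "__main__":
    for user, f in run_example().items():
        print(f"ALERT {user}: score={f['score']} reasons={f['reasons']}")
```

The point of the baseline is the "continuous" in the quote: alice's 12 failures are an anomaly only because her own history says she fails about once every four days, and carol gets no alert because there is nothing to compare her against yet. In a real deployment the baseline window would roll forward as new data arrives rather than being trained once.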


“Creating and refining security monitoring use cases is essential to an effective SIEM. User-created and customized detection logic provides the most value.” (because continuous SIEM value REQUIRES use case management)

“Develop the key operational processes for SIEM: run, watch and adapt. When necessary, fill the gaps with services such as MSS and co-managed SIEM” (we promoted “tune” to “adapt”)

“Plan and keep sufficient resources to manage and troubleshoot log collection issues. New sources will be added; software upgrades change log collection methods and formats; environment changes often lead to collection disruption.” (ML capabilities, big data tech, all that is cool, but a big chunk of SIEM work is still simply being able to get the data in)
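The last quote names two failure modes that are easy to miss until a detection silently stops firing: a source goes quiet, or an upgrade changes its format so events arrive but no longer parse. Here is an added example (my own, not from the papers) of a collection health check over constructed collector output; the line layout, source names, per-source patterns and thresholds are all assumptions for the illustration.

```python
"""Log collection health: source silence and format drift (added example)."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed collector format (assumption): "<ISO8601 UTC> <source> <payload>"
HEADER_RE = re.compile(r"^(\S+) (\S+) (.*)$")

# Expected payload shape per source (assumption). After a vendor upgrade changes the
# format, events still arrive but fall out of the parser; that is "format drift".
SOURCE_PATTERNS = {
    "fw01": re.compile(r"^action=(allow|deny) src=\S+ dst=\S+$"),
    "vpn01": re.compile(r"^user=\S+ event=(login|logout)$"),
    "proxy01": re.compile(r"^url=\S+ status=\d{3}$"),
}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def collection_health(lines, expected_sources, now,
                      silence=timedelta(minutes=15), max_unparsed=0.2):
    """Return a list of (source, kind, detail) issues, where kind is 'silent'
    (no events, or none within `silence` of `now`) or 'format_drift' (share of
    lines failing the source's parser above `max_unparsed`)."""
    last_seen, totals, unparsed = {}, Counter(), Counter()
    for line in lines:
        m = HEADER_RE.match(line.strip())
        if not m:
            continue  # not even a collector header: ignore here
        ts_s, src, payload = m.groups()
        ts = _ts(ts_s)
        last_seen[src] = max(last_seen.get(src, ts), ts)
        totals[src] += 1
        pat = SOURCE_PATTERNS.get(src)
        if pat is not None and not pat.match(payload):
            unparsed[src] += 1
    issues = []
    for src in expected_sources:
        if src not in last_seen:
            issues.append((src, "silent", "no events in window"))
        elif now - last_seen[src] > silence:
            issues.append((src, "silent", f"last event at {last_seen[src].isoformat()}"))
        if totals[src] and unparsed[src] / totals[src] > max_unparsed:
            issues.append((src, "format_drift",
                           f"{unparsed[src]}/{totals[src]} lines failed to parse"))
    return issues


def constructed_window():
    """One hour of constructed collector output. fw01 changes key names halfway
    through (simulated upgrade), vpn01 stops at 10:20, proxy01 never appears."""
    lines = []
    for minute in range(60):
        ts = f"2018-11-05T10:{minute:02d}:00Z"
        if minute < 30:
            lines.append(f"{ts} fw01 action=allow src=10.0.0.5 dst=10.0.1.9")
        else:
            lines.append(f"{ts} fw01 act=allow srcip=10.0.0.5 dstip=10.0.1.9")
        if minute <= 20:
            lines.append(f"{ts} vpn01 user=alice event=login")
    return lines


def run_example():
    now = _ts("2018-11-05T11:00:00Z")
    return collection_health(constructed_window(), ["fw01", "vpn01", "proxy01"], now)


if __name__ == "__main__":
    for src, kind, detail in run_example():
        print(f"{src}: {kind} ({detail})")
```

Two design choices worth copying into a real check: track "last seen" per source rather than just total volume, so a source that stops mid-window is caught even though the window as a whole still has its events, and count parse failures per source rather than globally, because one noisy source can mask a quiet one that has broken completely.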


Category: siem-and-log-management

Tags: research, siem, ueba, use-cases