DEV Community

Durgesh Shukla
Durgesh Shukla

Posted on

Fundamental steps for a successful Security Information and Event Management (SIEM) implementation

After researching multiple use cases and experiences on successful SIEM implementation projects by CISOs across industries, these are the guidelines that were commonly followed prior to kickstarting SIEM adoption:

1️⃣ Prerequisite 1: Source asset identification
A good SIEM strategy includes the identification of critical assets that send key data, plus the context, logs, and events around the data into the SIEM.

2️⃣Prerequisite 2: Data quality
Garbage in, garbage out. To get the right type of data fed into the SIEM, source it from the correct sources.

3️⃣Prerequisite 3: Logging levels
The rules controlling the event stream flowing into the SIEM should not cause too many false positives, but yet maintain a deep level of visibility.

Top comments (2)

Collapse
 
durguess profile image
Durgesh Shukla

Here is how you can add enriched data to SIEMs (for example - Microsoft Sentinel) by leveraging an open-source threat detection engine such as Falco: sysdig.com/blog/extract-maximum-va...

Collapse
 
durguess profile image
Durgesh Shukla

Also, a good way to reduce your SIEM costs by preprocessing logs: sysdig.com/resources/webinars/beco...