- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Current emergence of open source log search tools, BTW, does not break the logic of that post.
- “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
- “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document)
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases.
- My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.0 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!)
Current research on security analytics:
- Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
- Security Analytics – Finally Emerging For Real?
- Why No Security Analytics Market?
- My “How to Work With an MSSP to Improve Security” Paper Publishes
- Should I Use “SIEM X” or “MSSP Y”?
- How To Exit an MSSP Relationship?
- MSSP Client Onboarding – A Critical Process!
- MSSP: Integrate, NOT Outsource!
- On MSSP Personnel
- On MSSP SLAs
- Acting on MSSP Alerts
- MSSP Client Responsibilities – What Are They?
- Find Security That Outsources Badly!
- Challenges with MSSPs?
- How To Work With An MSSP Effectively?
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”
- Bye-bye, Compliance Thinking. Welcome, Military Thinking!
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.
Previous post in this endless series: