- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Current popularity of open source log search tools, BTW, does not break the logic of that post. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. Also, developing a SIEM is much harder than most people think – some parts demand an open ended commitment from its developer. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [206 pageviews]
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [105 pageviews]
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases as well as this new post. Finally, see our new 2015 research on SIEM use cases here! [90 pageviews]
- My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.1 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!) [128+ pageviews to the main tag]
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (much more details on this here in this paper). [46 pageviews of total 3420 pageviews to all blog pages]
In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:
Current research on SIEM:
Miscellaneous fun posts:
- Where Does EDR End and “NG AV” Begin?
- On Stupidity of Some Privacy Themes
- Five Basic Forgotten Security Alert Truths
- Security: Automate And/Or Die?
- On Space Between Detection and Response
- Your SOC Nuclear Triad
- Threat Intelligence and Operational Agility
- On Tanks vs Tractors
- Enable the Business? Sometimes Security Must Say “NO”…
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.
Previous post in this endless series: