- “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list.
- My classic PCI DSS Log Review series is popular as well. The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.0 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book.
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (much more details on this here).
- “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document)
In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:
Current research on SIEM:
- SIEM Real-time and Historical Analytics Collide?
- SIEM and Badness Detection
- My Blueprint for Designing a SIEM Deployment Publishes
- “Stop The Pain” Thinking vs the Use Case Thinking
- More on SIEM Maturity – And Request for Feedback!
- My Evaluation Criteria for Security Information and Event Management Publishes
- On SIEM Tool and Operation Metrics
- SIEM Analytics Histories and Lessons
- Popular SIEM Starter Use Cases and Detailed SIEM Use Case Example
- Back to SIEM Research!
- SIEM Webinar Questions – Answered
- How to Use Threat Intelligence with Your SIEM?
Miscellaneous fun posts:
- Why No Security Analytics Market?
- On “Defender’s Advantage”
- Security Essentials? Basics? Fundamentals? Bare Minimum?
(see my published Gartner research here)
Previous post in this endless series: