- My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.0 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book.
- “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list.
- “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document)
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (much more details on this here).
In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:
Current research on MSSP:
- On MSSP Personnel
- On MSSP SLAs
- Acting on MSSP Alerts
- MSSP Client Responsibilities – What Are They?
- Find Security That Outsources Badly!
- Challenges with MSSPs?
- How To Work With An MSSP Effectively?
Previous research on SIEM:
- My UPDATED “SIEM Technology Assessment and Select Vendor Profiles” Publishes
- My UPDATED “Security Information and Event Management Architecture and Operational Processes” Publishes
- My Evaluation Criteria for Security Information and Event Management Publishes
- My Blueprint for Designing a SIEM Deployment Publishes
- SIEM Real-time and Historical Analytics Collide?
- SIEM and Badness Detection
- “Stop The Pain” Thinking vs the Use Case Thinking
- SIEM Analytics Histories and Lessons
- Popular SIEM Starter Use Cases and Detailed SIEM Use Case Example
- How to Use Threat Intelligence with Your SIEM?
Miscellaneous fun posts:
- Why No Security Analytics Market?
- On “Defender’s Advantage”
- Security Essentials? Basics? Fundamentals? Bare Minimum?
(see all my published Gartner research here)
Previous post in this endless series: