Description: Implementing a SIEM can be a complex and costly process. Many organizations never realize the full potential of their SIEM because they do not capture the right logs. Others get mired in voluminous logs of little significance. Most also miss out on what is potentially the most useful log source of all: individual endpoints. SIEM vendors are equally to blame for failing to deliver on their promises to interpret and correlate logs.
Two years ago we started on a SIEM implementation project with a lofty goal: to collect logs from every endpoint on our network. We have nearly reached our goal and learned a lot of lessons along the way. In this presentation we will present lessons learned, unique correlations we have devised, suggestions for vendors to improve their logging, and suggestions for SIEM vendors to improve their products without using the words "threat intelligence".
Aaron Beuhring
Aaron Beuhring has over 13 years of IT experience. He enjoys correcting configurations and occasionally misconfiguring things as well.
Kyle Salous
Kyle Salous has over 10 years of IT Security experience. He enjoys doing more with less while keeping the bad guys on their toes.
For More Information Please Visit: - bsidesdc.org/
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.