Architecture Design

The following articles introduce you to requirements gathering, solution design, how various SIEMs can differ, and more.

SSISS: A SIEM Requirements Gathering Case Study
– A fictional requirements gathering exercise that highlights what data should be gathered, how to use it to design an architecture, estimate storage and infrastructure costs, and how to select a vendor.

A SIEM Odyssey: How Albert Einstein Would Have Designed Your SIEM Architecture
– An overview of how a SIEM works, what risks can arise from under-sizing an architecture, and what strategies can be used to cost-effectively build an adequate environment.

Managing your SIEM Internally or Outsourcing
– Considerations for determining which parts of your SIEM environment can be outsourced.

The Pros and Cons of Structuring Log Data at Ingestion Time with SIEMs
– The benefits and risks of parsing/normalizing data either during ingestion or at search time.

The Million Dollar SIEM Question: To Parse or Not To Parse
– How an often-overlooked design consideration can result in significantly different storage costs for a SIEM environment.

If Milton Friedman Created Your SIEM Team
– Considerations on how to structure a SIEM team and the various roles and responsibilities of the parties involved in managing the environment.

Calculate and Configure Caches
– The criticality of an often-overlooked SIEM design consideration, and how to estimate expected cache sizes.

Understanding Your License Model
– The criticality of understanding SIEM license models and the various impacts they can have.

Selecting a SIEM Storage Medium
– Considerations for selecting appropriate storage for your SIEM environment and the risks of overlooking this task.

Standard-Size your SIEM HA and DR Environments
– The importance of creating an HA/DR environment mapped to your requirements and risk appetite.