Operations and Best Practices

The following articles highlight best practices for day-to-day operations of your SIEM environment.

Effective Searching – The two major risks to an organization when end users search incorrectly, and strategies that can be used to ensure staff know how to search effectively.

Disable Unused Content – A simple strategy that can be used to optimize your SIEM environment.

Alerting On Quiet Log Sources – Considerations and best practices on how to alert when a data source stops logging to a SIEM.

Log Source Verification – How to verify data sources logging to a SIEM, and how to avoid creating a major security gap.

Monitor for Caching – A critical best practice to reduce the risk of data delays or loss.

Timestamp Management – The importance of understanding the various timestamps used by your SIEM.