SIEM and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES. So, together with Augusto Barros, we are about to undertake a research project dedicated to finding, creating, refining, optimizing and retiring use cases for SIEM and some other monitoring technologies. This effort promises to be very exciting – and of course supremely valuable for Gartner GTP clients!
For now, while we are still deciding on the scope of this effort (and finishing up our VA / VM research too), here are some useful links.
Some of my past writing on SIEM use cases can be found here:
- Popular SIEM Starter Use Cases
- Detailed SIEM Use Case Example
- A very old whitepaper but with lots of SIEM use case details
- Security Information and Event Management Architecture and Operational Processes (Gartner GTP access required)
Some other excellent SIEM use case writing is linked below:
- SIEM Use Case Implementation Mind Map (focus on the process, less on a laundry list of use cases)
- Security Monitoring / SIEM Use-Cases (lots of info with links to more SIEM use case guides)
- SIEM Use Cases: What You Need To Know
- SANS Effective Use Case Modeling for Security Information & Event Management [PDF]
Select recent blog posts related to SIEM:
- Co-Managed SIEM Rising
- My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes
- Once More on Cloud SIEM or SaaS SIEM
- SIEM/ DLP Add-on Brain?
- Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.