Gartner Blog Network

Category: 'logging' Blog Posts

from the Gartner Blog Network

Is SIEM The Best Threat Detection Technology, Ever?

by Anton Chuvakin  |  August 7, 2017

That’d be a “NO” – those of my readers who are “anti-SIEM” can calm down now :–) Well…. let me explain and perhaps you will see that the answer evolves...

Read more »

SIEM or Log Management?

by Anton Chuvakin  |  July 26, 2017

Welcome to 2002! Let’s discuss a timely topic … and, no, its not Y2K – that one is fortunately over. The topic is: SIEM vs log management. Yes, really! In...

Read more »

Summer of SIEM 2017 Coming...

by Anton Chuvakin  |  July 11, 2017

Initially, I wanted to name this post “My SIEM Is Too Slow | My SIEM Is Too Dumb”, but then I decided to go for a milder version, because –...

Read more »

PCI Council Log Monitoring Supplement

by Anton Chuvakin  |  August 3, 2016

As I was gracefuly reminded, PCI Council has released a new (and MUCH neeed) document, “Information Supplement: Effective Daily Log Monitoring.” A lot of research (example) reveals that Requrement 10...

Read more »

SIEM/ DLP Add-on Brain?

by Anton Chuvakin  |  February 27, 2015

Initially I wanted to call this post “SIEM has no brains”, but then questioned such harshness towards the technology I’ve been continuously loving for 13 years :-) In any case,...

Read more »

SIEM Webinar Questions - Answered

by Anton Chuvakin  |  April 14, 2014

Last year, I did this great SIEM webinar on “SIEM Architecture and Operational Processes” [free access to recording! No Gartner subscription required] and received a lot of excellent questions. This...

Read more »

How to Use Threat Intelligence with Your SIEM?

by Anton Chuvakin  |  March 26, 2014

SIEM and Threat Intelligence (TI) feeds are a marriage made in heaven! Indeed, every SIEM user should send technical TI feeds into their SIEM tool. We touched on that subject...

Read more »

Detailed SIEM Use Case Example

by Anton Chuvakin  |  September 24, 2013

During inquiries, I am handling a lot of questions about SIEM use cases, what they are, where to get them, how to create them, how to document them, evolve them,...

Read more »

Our Log Standards Paper Publishes

by Anton Chuvakin  |  December 11, 2012

Recently I updated a paper originally written by Dan Blum called “Event and Log Information: A Strong Case for Standards” and it just got posted to the site: “A deficit...

Read more »

On “Output-driven” SIEM

by Anton Chuvakin  |  September 24, 2012

Here is a great term I picked from another SIEM literati: “output-driven SIEM.” This simply means deploying your security information and event management tool in such a way that NOTHING...

Read more »