Gartner Blog Network

Category: 'logging' Blog Posts

PCI Council Log Monitoring Supplement

by Anton Chuvakin  |  August 3, 2016

As I was gracefully reminded, the PCI Council has released a new (and MUCH needed) document, “Information Supplement: Effective Daily Log Monitoring.” A lot of research (example) reveals that Requirement 10...

SIEM/ DLP Add-on Brain?

by Anton Chuvakin  |  February 27, 2015

Initially I wanted to call this post “SIEM has no brains”, but then questioned such harshness towards the technology I’ve been continuously loving for 13 years :-) In any case,...

SIEM Webinar Questions - Answered

by Anton Chuvakin  |  April 14, 2014

Last year, I did this great SIEM webinar on “SIEM Architecture and Operational Processes” [free access to recording! No Gartner subscription required] and received a lot of excellent questions. This...

How to Use Threat Intelligence with Your SIEM?

by Anton Chuvakin  |  March 26, 2014

SIEM and Threat Intelligence (TI) feeds are a marriage made in heaven! Indeed, every SIEM user should send technical TI feeds into their SIEM tool. We touched on that subject...

Detailed SIEM Use Case Example

by Anton Chuvakin  |  September 24, 2013

During inquiries, I am handling a lot of questions about SIEM use cases, what they are, where to get them, how to create them, how to document them, evolve them,...

Our Log Standards Paper Publishes

by Anton Chuvakin  |  December 11, 2012

Recently I updated a paper originally written by Dan Blum called “Event and Log Information: A Strong Case for Standards” and it just got posted to the site: “A deficit...

On “Output-driven” SIEM

by Anton Chuvakin  |  September 24, 2012

Here is a great term I picked from another SIEM literati: “output-driven SIEM.” This simply means deploying your security information and event management tool in such a way that NOTHING...

On SIEM Deployment Evolution

by Anton Chuvakin  |  August 24, 2012

Is your SIEM stuck in the past? Is it “mature”? Is it evolving? Is it solving one problem or many? Is it collecting logs or collecting dust? This post continues...

On People Running SIEM

by Anton Chuvakin  |  August 9, 2012

As promised, this next post from my SIEM research project is about people. Over the course of my 10+ year (!) experience with SIEM technology, I have come across organizations...

On SIEM Processes/Practices

by Anton Chuvakin  |  July 30, 2012

Security monitoring (whether centered around a SIEM tool or broadly defined) is not something you can actually buy. A software or an appliance - purchased and racked in your data...