Gartner Blog Network

Category: 'siem' Blog Posts

PCI Council Log Monitoring Supplement

by Anton Chuvakin  |  August 3, 2016

As I was gracefully reminded, the PCI Council has released a new (and MUCH needed) document, “Information Supplement: Effective Daily Log Monitoring.” A lot of research (example) reveals that Requirement 10...

Our New Paper on Security Monitoring Use Cases Publishes

by Anton Chuvakin  |  February 17, 2016

It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access required]. The abstract states:...

Our 2016 SIEM Papers Are Out!

by Anton Chuvakin  |  February 12, 2016

We are happy to announce that our awesome SIEM papers have just published: The fabled “Security Information and Event Management Architecture and Operational Processes” (now in its 3rd edition) is...

A Quick Update on Our Research

by Anton Chuvakin  |  December 29, 2015

Since some of you are asking, here is what is cooking…. Just done: vulnerability assessment and vulnerability management (finished Nov 2015) “How to Implement Enterprise Vulnerability Assessment” “A Guidance Framework...

Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?

by Anton Chuvakin  |  December 2, 2015

Can I run my SIEM project exclusively with the use case content (including rules, reports, alerts, dashboards, algorithms) provided by my SIEM vendor? Short answer: YES, as long as you...

SIEM Use Case Implementation and Tuning Process

by Anton Chuvakin  |  November 25, 2015

Time to touch the main challenge: SIEM use case implementation / refinement process [also applicable to other monitoring technologies, like UBA / UEBA]. In our seminal paper on the topic,...

Fun Challenges with SIEM Use Cases

by Anton Chuvakin  |  November 11, 2015

Often I save the solutions for our Gartner GTP papers, but I blog about the challenges. No, this won't be a post [eh.... a short trilogy of no more than...

SIEM Use Case Discovery

by Anton Chuvakin  |  November 5, 2015

Our journey to SIEM use cases begins at SIEM USE CASE DISCOVERY, a commonly overlooked [even by me :-)] step. Coincidentally, why didn’t I take it seriously sometimes? Because if...

SIEM Use Cases - And Other Security Monitoring Use Cases Too!

by Anton Chuvakin  |  October 27, 2015

SIEM and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES. So, together with Augusto Barros, we are about to undertake...

Co-Managed SIEM Rising

by Anton Chuvakin  |  August 24, 2015

I don’t usually blog on specific research … but when I do, it is about SIEM. So, a very interesting piece just went up on the Gartner site. It is...
