I just did a full-day SIEM workshop (a SAS day) for a large enterprise client. While I cannot show our specific agenda (it is covered by an NDA), I can share some of the ideas and topics we explored via a mix of presentations and facilitated group discussions (about 15 people were present).
- Introduction to logging and dealing with logs, reasons for taking logs seriously, common log types, etc.
- Introduction to SIEM tools, their functionality, SIEM market (via Magic Quadrant), common use cases, tool deployment approaches, architecture
- Common and essential SIEM processes and practices, skills and roles for people involved with a SIEM, security monitoring process success tips
- Review of current logging and log management across the organization, who uses what data, who collects data and in what system
- Future goals for this area, requirements and challenges with what is logged and how logs are treated today (and of past log/SIEM projects)
- Discussion about current vs desired future state, challenges with current ways of dealing with logs, ultimate goals and “Phase 1” goals
- Logging and compliance, known regulatory and other external mandates, common requirement interpretations, what other organizations are doing
- Review of current compliance logging, log sources, tools used, processes in place, teams involved
- Discussion about “Mandate 1” and “Mandate 2” [sorry, cannot disclose the details] security monitoring requirements and the SIEM's role in addressing these requirements at the organization
- SIEM/security monitoring delivery options: internal, outsourced, co-sourced, managed, hybrid; pros/cons, ways to compare and choose
- SIEM RFP elements and approaches to total SIEM program cost estimation, review of Gartner SIEM RFP toolkit
- Joint creation of project outline and approach to addressing the challenges, recommendations, conclusions, etc.
If you are a Gartner client and would like in-depth, full-day guidance on acquiring, deploying and/or operating a SIEM tool effectively, please get in touch with your friendly neighborhood Gartner sales person. I’d be happy to do a similar customized workshop for your organization as well. And, no, I don’t know how much we charge for it.
Related SIEM posts: