SIEM and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES. So, together with Augusto Barros, we are about to undertake a research project dedicated to finding, creating, refining, optimizing and retiring use cases for SIEM and some other monitoring technologies. This effort promises to be very exciting – and of course supremely valuable for Gartner GTP clients!
For now, while we are still deciding on the scope of this effort (and finishing up our VA / VM research too), here are some useful links.
Some of my past writing on SIEM use cases can be found here:
- Popular SIEM Starter Use Cases
- Detailed SIEM Use Case Example
- A very old whitepaper but with lots of SIEM use case details
- Security Information and Event Management Architecture and Operational Processes (Gartner GTP access required)
Some other excellent SIEM use case writing is linked below:
- SIEM Use Case Implementation Mind Map (focus on the process, less on a laundry list of use cases)
- Security Monitoring / SIEM Use-Cases (lots of info with links to more SIEM use case guides)
- SIEM Use Cases: What You Need To Know
- SANS Effective Use Case Modeling for Security Information & Event Management [PDF]
Select recent blog posts related to SIEM: