My favorite Gartner GTP research document has just been updated:
Using security information and event management requires more than just buying the right technology. Security architects must understand how to properly design and operate SIEM; this is critical to avoiding the costly mistake of an ineffective or failed deployment.
This document is a full guide for organizations planning to buy or implement a SIEM. It also has lots of content for those who have a SIEM in place but are struggling to get full value from it. It was published by Anton Chuvakin back in 2013, updated in 2014 and again now – with the addition of a co-author 🙂