This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Use of SIEM examples in other environments and companies

PhillipBacinsk1
Beginner
Beginner

‎2019-09-06 03:28 PM

Hi. I currently work for a university that recently got NetWitness. One of the things that my team would like to look into is what do other companies use their SIEMs for? What are some things that you look for when you set up your SIEM?

0 Likes
1 REPLY 1

Anonymous
Not applicable

‎2019-09-08 09:45 PM

There is definitely no single right answer for everyone. It comes down to understanding your risks:
- What assets do you have that others want?
- How can they get at those assets?
- What methods of attack can you prevent entirely?
What's left are, hopefully, attack methods that you can detect through log event analysis. Companies then build policies to collect the logs that would detect those types of attack and rules to trigger when the appropriate behaviors manifest themselves. I kind of feel like I'm saying nothing of substance, but at a 10,000 ft level, that's how it works.

This is a good place to start: https://jpcertcc.github.io/ToolAnalysisResultSheet. It shows basically every logged which types of events trigger when certain types of attacks happen.

 

Hope this helps!

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.