No best practices. ;-) Use case development is my number 1 recommendation.
Test
An emerging best practice is to have SIEM Health Checks installed.
Health Checks allow for periodic monitoring of your system and ongoing system.
This is still an emerging art, but there are a few great developments on the way.
More here: http://blogs.gartner.com/anton-chuvakin/2014/06/17/on-siem-tool-and-operation-metrics/
https://www.scnsoft.com/press-room/pressreleases/8569_sciencesoft-s-health-check-framework-for-ibm-qradar-acknowledged-by-gartner-siem-expert