In this most excellent edition of the Exploring Information Security podcast, I talk with Derek Thomas, a senior information security analyst specializing in log management and SIEM, on the topic of: "What is a SIEM?"
Derek (@dth0m) has a lot of experience with SIEM and can be found on LinkedIn participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015, and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject, and that showed in this interview.
In this episode, we discuss:
How to pronounce SIEM
What is a SIEM
How to use a SIEM
The biggest challenge using a SIEM
How to tune the SIEM
Use cases, use cases, use cases.
More Resources:
Applied Network Security Monitoring: Collection, Detection, and Analysis by Chris Sanders and Jason Smith
Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff and Jonathan Ham
Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management by Anton A. Chuvakin and Kevin J. Schmidt
