What Generated Data Should Your SIEM Ingest?

What data should your SIEM solution ingest for optimal performance?


In traditional SIEM strategy and execution, the SIEM collects and ingests data from throughout the enterprise network. The solution then normalizes that data for analysis and uses it to uncover security events. This lets IT security teams discover and investigate potentially connected security events and detect breaches early.


Because it can uncover security issues and attacks originating anywhere, SIEM and related cybersecurity technologies such as SOAR take on special importance during the coronavirus pandemic. SIEM can support investigations even on remote devices, and its data ingestion capabilities can surface malicious user behavior.


However, this traditional understanding of SIEM doesn’t address a significant problem in legacy SIEM deployments and in SIEM misconfiguration: improper data. Not all data an enterprise generates, which could total terabytes every week, is relevant. How do you know what your SIEM should ingest?


What Data Should Your SIEM NOT Ingest?


Let’s begin to answer this question by examining the opposite. What should you avoid feeding into your SIEM if you want optimal performance?


First, your security team should not try to feed your SIEM every log generated by your business’ infrastructure. Doing so creates a serious challenge for your IT security team. The more logs you feed into your SIEM, the more alerts you create, and thus the more potential false positives. The chances that the system mistakes normal behavior as susp ..
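To make the ingest-normalize-correlate flow described above concrete, and to show what a per-source ingest policy does to log volume before anything reaches the correlation rules, here is a small added example. It is not code from the original article or from any SIEM vendor. The source names (`sshd`, `webserver`, `debug`), the common event schema, the log lines and the brute-force rule threshold are all constructed assumptions for illustration.

```python
"""Toy SIEM ingestion pipeline (added example, not from the article).

Raw lines from several sources are normalized into one schema, filtered by a
per-source ingest policy, and the surviving events are correlated. All log
lines, source names, field names and thresholds below are constructed for
this example.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log lines, tagged with the (assumed) source that produced them.
RAW_LOGS = [
    ("sshd", "2024-03-01T10:00:01Z sshd[812]: Failed password for root from 203.0.113.7 port 51022"),
    ("sshd", "2024-03-01T10:00:03Z sshd[812]: Failed password for root from 203.0.113.7 port 51024"),
    ("sshd", "2024-03-01T10:00:05Z sshd[812]: Failed password for root from 203.0.113.7 port 51026"),
    ("sshd", "2024-03-01T10:00:09Z sshd[812]: Accepted password for root from 203.0.113.7 port 51030"),
    ("sshd", "2024-03-01T10:02:00Z sshd[813]: Accepted publickey for alice from 192.0.2.10 port 40000"),
    ("webserver", '2024-03-01T10:00:02Z 198.51.100.4 "GET /static/logo.png HTTP/1.1" 200'),
    ("webserver", '2024-03-01T10:00:02Z 198.51.100.4 "GET /static/app.js HTTP/1.1" 200'),
    ("webserver", '2024-03-01T10:00:04Z 203.0.113.7 "GET /admin HTTP/1.1" 403'),
    ("debug", "2024-03-01T10:00:02Z app: cache hit for key session:abc"),
    ("debug", "2024-03-01T10:00:02Z app: cache hit for key session:def"),
]

SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)"
)
WEB_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})$'
)


def normalize(source, line):
    """Map one raw line onto the common event schema; None if it cannot be parsed."""
    if source == "sshd":
        m = SSH_RE.match(line)
        if m is None:
            return None
        return {"ts": m["ts"], "source": source, "src_ip": m["src"], "user": m["user"],
                "action": "auth",
                "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    if source == "webserver":
        m = WEB_RE.match(line)
        if m is None:
            return None
        status = int(m["status"])
        return {"ts": m["ts"], "source": source, "src_ip": m["src"], "path": m["path"],
                "action": "http", "status": status,
                "outcome": "failure" if status >= 400 else "success"}
    return None  # unknown source: no parser, so nothing to ingest


def _drop_successful_static(event):
    """Successful fetches of static assets carry no security signal; drop them."""
    return not (event["status"] == 200 and event["path"].startswith("/static/"))


# Ingest policy (an assumption for this example): only listed sources are kept,
# and each gets a predicate deciding which of its events reach the SIEM.
# "debug" is absent, so application debug chatter is dropped entirely.
INGEST_POLICY = {
    "sshd": lambda event: True,
    "webserver": _drop_successful_static,
}


def ingest(raw_logs, policy=INGEST_POLICY):
    """Return (kept events sorted by time, per-source count of dropped lines)."""
    kept, dropped = [], Counter()
    for source, line in raw_logs:
        keep = policy.get(source)
        event = normalize(source, line) if keep is not None else None
        if event is None or not keep(event):
            dropped[source] += 1
            continue
        kept.append(event)
    kept.sort(key=lambda e: e["ts"])
    return kept, dropped


def correlate(events, fail_threshold=3):
    """Alert when a source IP logs >= fail_threshold auth failures and then a success."""
    outcomes_by_ip = defaultdict(list)
    for event in events:
        if event["action"] == "auth":
            outcomes_by_ip[event["src_ip"]].append(event["outcome"])
    alerts = []
    for ip, outcomes in outcomes_by_ip.items():
        failures = 0
        for outcome in outcomes:
            if outcome == "failure":
                failures += 1
            elif failures >= fail_threshold:
                alerts.append({"rule": "brute_force_then_success", "src_ip": ip,
                               "failures": failures})
                break
            else:
                failures = 0  # a success before the threshold resets the streak
    return alerts


if __name__ == "__main__":
    kept, dropped = ingest(RAW_LOGS)
    print(f"ingested {len(kept)} of {len(RAW_LOGS)} lines; dropped per source: {dict(dropped)}")
    for alert in correlate(kept):
        print("ALERT", alert)
```

With the constructed input, four of the ten lines never reach correlation (two static-asset fetches and two debug lines), and the single rule still fires on the SSH failure-then-success pattern. The point of the policy is not the absolute numbers but that every dropped line is one fewer event a rule can misfire on, while the sources that carry authentication and access decisions are kept whole.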
