This is a good start. I was thinking along the same lines. One of the most time-consuming parts is chasing down issues. It doesn't add up if you are trying to work with IT teams at the same time; you have to add data sources, monitor, chase incidents, analyze, write rules, etc., and the list goes on. I'm also hoping for more responses.
It would be nice if there was some sort of baseline training or certification for these devices. I recently became responsible for our SIEM and while I'm no dummy, it's simply overwhelming what it can do, and trying to get a fix on any one particular function or process is difficult at best.
I agree that the number of features and the ways you can use them does get overwhelming. I have put in a PER to create documentation/videos of how McAfee and its customer base are using some of the features in an advanced setting (preferably with screenshots of configurations). I think this is really the best way, as I don't see McAfee having enough material to create a course that covers this information.