1 Reply Latest reply on Sep 3, 2014 2:27 PM by Scott Taschler

    SIEM Foundations

    Scott Taschler

      Hello SIEM Community,

       

      Please excuse some dust.  Later this afternoon you will see a large number of updates published to this group (~30).  I will reply on this thread when the updates are complete, but in the meantime those of you receiving email notifications on this group may want to tune out for a bit.

       

      Scott

        • 1. Re: SIEM Foundations
          Scott Taschler

          Updates are complete.

           

          SIEM Foundations - Index


          In the course of every new SIEM deployment, there comes a time when the team responsible for the new tool takes a step back and says "now what?"  This comes after the appliances are racked, networked and configured, and initial logs are flowing serenely into the SIEM.  Dashboards begin to populate with logs, canned correlation rules begin to fire, and the administrator sitting at the console becomes immediately overwhelmed by the magnitude of the problem they have tackled.  With millions, or billions, of individual events flowing into the SIEM every day, it's a daunting task deciding what's urgent today, what trends are important to watch over time, and what can be safely ignored.

           

          The McAfee SIEM Foundations program is designed as a roadmap to help users of McAfee SIEM build out their SIEM in a way that delivers value early, and is easy to expand over time in a predictable fashion.  McAfee SIEM Foundations is based on a series of deployment stages that build directly on each other.  The basic concepts and tactics outlined in McAfee SIEM Foundations may be applied to any SIEM deployment; however, the bulk of this guide will focus on the details of implementing this program with McAfee Enterprise Security Manager (ESM).

           

          This is a work in progress.  More to come.  Please have a look, and let us know what you think.

           

          Scott

           

          Scott Taschler
          Technical Director, Security Management

          McAfee. Part of Intel Security.