In the course of every new SIEM deployment, there comes a time when the team responsible for the new tool takes a step back and asks, "Now what?" This comes after the appliances are racked, networked and configured, and the initial logs are flowing serenely into the SIEM. Dashboards begin to populate, canned correlation rules begin to fire, and the administrator at the console is immediately overwhelmed by the magnitude of the problem they have taken on. With millions, or billions, of individual events flowing into the SIEM every day, deciding what is urgent today, which trends are worth watching over time, and what can be safely ignored is a daunting task.
The McAfee SIEM Foundations program is designed as a roadmap to help users of McAfee SIEM build out their deployment in a way that delivers value early and is easy to expand over time in a predictable fashion. It is based on a series of deployment stages that build directly on one another. The basic concepts and tactics outlined in McAfee SIEM Foundations may be applied to any SIEM deployment; however, the bulk of this guide will focus on the details of implementing the program with McAfee Enterprise Security Manager (ESM).
This is a work in progress. More to come. Please have a look, and let us know what you think.
Technical Director, Security Management
McAfee. Part of Intel Security.