Jul 30, 2015 2:41 PM

    SIEM Performance Baseline

    LT McGary

      Has anyone created a baseline for the performance of their SIEM that goes beyond EPS and event distribution? I'm looking for metrics like:


      1. Does the amount of time to run reports change noticeably after performing an upgrade to the system or after adding/deleting data sources?
      2. Does running a query take longer to complete as time goes on between upgrades?
      3. Does reporting in general start having issues over time?


      Any feedback or other metric suggestions would be greatly appreciated.