This talk will go into the world of security information and event management (SIEM) monitoring and its potential. Simply forwarding logs to a SIEM for alerts falls short of properly detecting threats within an organization. To utilize your SIEM properly, a variety of log source types must be used to gain deep detection of intrusions and threats on your network: logs, flows, vulnerability data, and file monitoring must be collected and parsed. This data must then be aggregated and tuned to the organization's needs for more actionable alerting and reporting.
Copyright 2020, IronGeek