Most vendors would like to connect a lot of devices to your SIEM, display a lot of alerts and reports, and then vanish. In simple terms, your SIEM becomes GIGO (Garbage In, Garbage Out): alerts and reports are only as useful as the logs you feed in and the review discipline behind them.
Here is a sensible checklist from Dr. Anton Chuvakin which can be a good starting point for reviewing logs during a security incident.
Follow this link:
http://www.securitywarriorconsulting.com/security-incident-log-review-checklist.html