More than Just Logs: Preparing your SIEM Environment for Security Analytics presented at BSidesColumbus 2014

by Stephen Hosom

Summary: There's a ton of hype around security analytics--getting security data from non-security-centric data sources. Security analytics is a great idea; however, most organizations don't really seem to have moved past simple log collection with their SIEM. If we're all looking at using non-security data to make sense out of our security data, wouldn't it help to actually be looking at our security data in the first place?
In this talk I will discuss SIEM ideas, thoughts, practices, and tips that can help to start steering your organization towards a successful use of security analytics. Then, I'll show you how to put everything together and make your tools work together in new, crazier ways than ever.