Security Information and Event Management (SIEM) is a set of integrated log management and monitoring tools that help organisations detect and respond to cyber-attacks.
SIEM systems aggregate, normalise and correlate log event information from endpoints, infrastructure and applications to detect potentially malicious activity. When anomalous behaviour is identified, an alert is generated for investigation.
These tools come out of the box with pre-defined rules, but to really maximise value from them, organisations need to be able to develop their own rules, or use cases, that expand threat coverage and visibility across their environments.
Watch this webinar, hosted by cyber risk experts from Kroll and Redscan, to learn about the best practices for developing SIEM use cases.
- Discover different use cases and how they can be deployed to swiftly detect the latest adversarial techniques
- See a demonstration of how to effectively develop SIEM use cases in the open signature format, Sigma
- Learn more about effective integrations that facilitate automation
- Gain insight into writing SIEM rules for your own environment
Developing a set of use cases will minimise the risk of cyber-attacks going undetected and impacting your organisation’s finances, reputation and compliance status.
The webinar was presented in August 2021 by Roger Bell, Head of Content at Redscan, and Scott Hanson, Associate Managing Director at Kroll.