Which of the following should the SIEM support?

A security technician is incorporating the following requirements in an RFP for a new SIEM:
New security notifications must be dynamically implemented by the SIEM engine
The SIEM must be able to identify traffic baseline anomalies
Anonymous attack data from all customers must augment attack detection and risk scoring
Based on the above requirements, which of the following should the SIEM support? (Choose two.)
A. Autoscaling search capability
B. Machine learning
C. Multisensor deployment
D. Big Data analytics
E. Cloud-based management
F. Centralized log aggregation
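
The second requirement is the one that separates a baseline-aware SIEM from one that only evaluates fixed rules. The block below is an added illustration, not part of the original page or of any vendor's product: it learns a per-source traffic baseline from constructed sample counts, flags deviations with a z-score, and places a fixed-threshold rule beside it for contrast. All hosts, byte counts and thresholds are made up.

```python
"""Toy per-source traffic baseline and anomaly check.

Constructed example: a few 'training' minutes of bytes-per-minute per
source, then a few 'live' minutes. The baseline is a per-source mean and
standard deviation; a live minute whose z-score exceeds a threshold is
flagged. Sample data is invented for the illustration.
"""
from __future__ import annotations

import math
from collections import defaultdict

# Constructed sample rows: (minute, source_ip, bytes_out).
TRAINING = [
    (0, "10.0.0.5", 1200), (1, "10.0.0.5", 1350), (2, "10.0.0.5", 1100),
    (3, "10.0.0.5", 1280), (4, "10.0.0.5", 1220),
    (0, "10.0.0.9", 50000), (1, "10.0.0.9", 52000), (2, "10.0.0.9", 48000),
    (3, "10.0.0.9", 51000), (4, "10.0.0.9", 49500),
]
LIVE = [
    (5, "10.0.0.5", 1300),    # normal for this host
    (5, "10.0.0.9", 50500),   # normal for this host
    (6, "10.0.0.5", 48000),   # spike: roughly 40x this host's baseline
    (6, "10.0.0.9", 47000),   # same absolute volume, but normal for .9
]


def learn_baseline(rows):
    """Return {source: (mean, stddev)} of bytes per minute from training rows."""
    per_src = defaultdict(list)
    for _, src, nbytes in rows:
        per_src[src].append(nbytes)
    baseline = {}
    for src, vals in per_src.items():
        mean = sum(vals) / len(vals)
        var = sum((v - mean) ** 2 for v in vals) / len(vals)
        baseline[src] = (mean, math.sqrt(var))
    return baseline


def z_score(value, mean, std):
    """Standard score; a zero-variance baseline gets a tiny floor so the
    check still produces a number instead of dividing by zero."""
    return (value - mean) / max(std, 1e-9)


def detect_anomalies(rows, baseline, threshold=3.0):
    """Flag rows whose z-score against their own source's baseline exceeds
    threshold. Sources absent from training are reported as unknown."""
    findings = []
    for minute, src, nbytes in rows:
        if src not in baseline:
            findings.append((minute, src, "unknown source", None))
            continue
        mean, std = baseline[src]
        z = z_score(nbytes, mean, std)
        if abs(z) > threshold:
            findings.append((minute, src, "volume anomaly", round(z, 1)))
    return findings


def static_threshold_rule(rows, limit=40000):
    """A conventional fixed-threshold rule, for contrast: it fires on every
    minute of the high-volume host as well as on the real spike."""
    return [(minute, src) for minute, src, nbytes in rows if nbytes > limit]


if __name__ == "__main__":
    base = learn_baseline(TRAINING)
    print("baseline findings:", detect_anomalies(LIVE, base))
    print("static rule hits:", static_threshold_rule(LIVE))
```

On the constructed data the baseline check reports only minute 6 for 10.0.0.5, while the fixed rule fires three times, twice on a host whose traffic is ordinary for it. That difference is what "identify traffic baseline anomalies" asks the SIEM engine to do on its own, without an analyst writing a per-host threshold.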

6 thoughts on “Which of the following should the SIEM support?”

  1. Looking at centralized log aggregation: that is almost the definition of a SIEM. Here we want a SIEM which is dynamic, so machine learning is a given. Now, I have to choose between Big Data analytics and cloud-based management. Cloud-based would create an easier pull to collect information and adapt quickly to new vulnerabilities or attacks. However, it says cloud management, which I am less comfortable will do that.
    So I will go with B & D.

  2. I like B, and F

    Machine learning = The SIEM must be able to identify traffic baseline anomalies

    Centralized log aggregation = Anonymous attack data from all customers must augment attack detection and risk scoring

  3. “The SIEM must be able to identify traffic baseline anomalies” Integrating machine learning would do that. B-

    “New security notifications must be dynamically implemented by the SIEM engine” sounds like cloud-based management. E-

    Autoscaling search and centralized log aggregation are great, and adding Big Data analytics would definitely give your SIEM capabilities a boost, but for me, when analyzing what the question is asking, I have to go with B and E.

    1. “when analyzing what the question is asking, I have to go with B and E.”

      You didn’t analyze the question.

      A SIEM already has centralized log aggregation.

