Save 40% on Coursera Plus Annual

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Can You Roll Your Own SIEM

Black Hat via YouTube

Start learning Write review
Corporate Finance Institute Ad

Get 35% Off CFI Certifications - Code CFI35

Learn More → Datacamp Ad

Power BI Fundamentals - Create visualizations and dashboards from scratch

Learn More →

Overview

Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the feasibility and benefits of building a custom cloud-native Security Information and Event Management (SIEM) system in this 29-minute Black Hat conference talk. Learn about Two Sigma's journey to replace their expensive third-party SIEM solution, including considerations for threat modeling, feature parity, and data ingestion methods. Discover the operational wins, lessons learned, and cost savings achieved through this in-house approach. Gain insights into the overall effort required, resulting capabilities, and improved observability and flexibility of a custom SIEM solution.

Syllabus

Introduction
Considerations & Requirements
Threat Model
Build vs. Buy
Feature Parity
What We Needed
Batch Loads
Streaming Ingest
Scheduled Queries
Streaming Alerting
Data Access Controls
Operational Wins
Lessons Learned
Overall Effort
Resultant Capabilities
Cost Savings
Observability & Flexibility

Taught by

Black Hat

Reviews

Start your review of Can You Roll Your Own SIEM

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.