Simplified SIEM Use Case Management

via YouTube

Overview

Explore simplified SIEM use case management in this 21-minute conference talk from Derbycon 2015. Learn about Security Incident/Event Management (SIEM) and the importance of maintaining a Use Case Database (UCDB). Discover how a UCDB can help define monitoring needs, replace manual log reviews, and prioritize alert development. Gain insights into sample reports, including concept alerts by category and responsible group. Follow along as Ryan Voloch outlines the basics of SIEM use cases, provides quick start steps, and demonstrates how to effectively manage security monitoring even without a dedicated SIEM system.

Syllabus

Outline About Ryan Voloch SIEM (Security Incident/Event Management) Use Case Database (UCDB) Basics Quick Start Steps Review Schema Sample Reports
The Basics: What is a SIEM use case?
Why maintain a SIEM Use Case Database (UCDB)? Allows you to define the ocean you want to bol
But what if I don't have a SIEM? Use a UCDB to define your needs. Replace manual reviews of individual log systems, start documenting a UCDB.
Sample UCDB Quickstart Steps: Sample SIEM Use Case Database. What is it?
Sample Report: Concept Alerts by Category and Responsible Group A prioritized menu of use cases to help identify what to develop next.
