SIEM tools and practices

TaoSecurity
Log Management Central | Log management and SIEM news, opinions, advice, and fun.
Csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
Www.securitywarriorconsulting.com/security-incident-log-review-checklist.pdf
UPDATED Free Log Management Tools
Free, Enterprise-class Log Management Tool | Novell

Download NetIQ Sentinel Log Manager 25 FREE! There is no trial period or time limit—just stay under the EPS limit and you can keep using it forever! Unleash the power of your log files! Sentinel™ Log Manager puts all the information in your log files at your fingertips, making it easy to collect, search, and report on log data. With support for full indexing of any data from any source, and parsing for most systems and devices, Sentinel Log Manager brings the best of unstructured searching or structured drill-down search into events and taxonomy.

Log in now to check out the demo and see more! Here's what you'll get with Sentinel Log Manager 25:

Free log management solution, up to 25 events per second
Support for structured and unstructured log data
Google-like forensic search and drill-down search
Rich and easy-to-use reporting
Software appliance supports VMWare or bare-metal install
Provides a clear path to complete, real-time SIEM
No event limits for the first 60 days!

SIEM Bloggables

I was working on a presentation related to Security Information and Event Management (SIEM) the other day.

Even though it was intended for a particular audience, a few pieces of it are generic enough to be shared with the world at large. Hopefully said world at large will find it useful for planning SIEM deployments, analyzing your requirements, improving SIEM product design, etc. So, in no particular order:

What SIEM MUST Have Today?

Log and Context Data Collection
Normalization (including event categorization)
Correlation (what used to be bundled under “SEM”)
Notification/alerting (“SEM”) [the role of real-time processing seems to be shrinking, as I predicted in 2004 - that surprised everybody including myself]
Alert/event prioritization (“SEM”)
Reporting (“SIM”) [including visualization]
Security role workflow [from security analyst roles to incident responder (my classic piece on using SIEM for incident response, BTW) to security manager and – rarely!

Key SIEM Use Cases

Enjoy!