You have a SIEM, Now What?

OVERVIEW

This talk will cover what to do once you have a SIEM approved by management. How do you configure it? How do you tune it? During the talk we will touch on what is needed to deploy the SIEM, along with where the logs should come from and which devices you should obtain information from. We will also touch on whether there are compliance and regulatory requirements for retention. We will talk about how to ingest and tune the logs for your specific use case, because there is no cookie-cutter way to deploy a SIEM. We will also touch on which open source tools you can use and how they can integrate with the cloud environments to which organizations are moving. Finally, we will touch on NIDS, HIDS and threat intel in the context of using them with a SIEM.

Presented By

CHRIS MAULDING
Lead Security Engineer,
Entegral