Tag: Security Incident and Event Management tools
-
A quick guide on how to estimate Log Retention and log rotation policies
Step 1: Define Retention and Rotation Policies
Step 2: Determine Event Size
Step 3: Determine EPS (Events Per Second)
Step 4: Determine Daily Disk Space Requirements
Step 5: Compress Logs
Step 6: Determine Storage Requirement for the Estimated Total Average EPS
Here’s an example calculation based on the above policies: Note: These calculations are just…
-
A quick guideline for how to estimate or calculate your EPS or required capacity
To estimate the capacity required for log management, you need to determine the EPS and then calculate the amount of disk space needed to store the logs generated at that rate. Here’s a step-by-step guide:
Step 1: Determine the EPS
To determine the EPS, you need to know the number of events generated per second…
-
Useful concepts for SIEM assessment, implementing a SIEM-CMM: SIEM Capability Maturity Model concepts
I. Introduction A. Purpose of the white paper The purpose of this white paper is to provide an overview of the Technical Capability and Maturity Model (CMM) for Security Information and Event Management (SIEM) implementation, and to highlight the importance of SIEM implementation capability and maturity for organizations. B. Definition of SIEM SIEM is a…
-
Use the SOC-CMM as a baseline for assessing which SIEM you might need to consider
Here is another approach to use for assessing the right SIEM product, based on the SOC-CMM. There are 3 main categories to consider:
1- The basic and fundamental features of the SIEM
2- The security analytics requirements
3- The automation and orchestration requirements
In the table below we can see the topics to consider for…
-
SIEM Assessment via a Yes/No Approach
In many cases, companies need to assess which product to use as their Security Incident and Event Management (SIEM) tool, which is considered the core product of the Security Operations Center (SOC). Here there are 4 main general categories of yes/no questions to consider. This approach is the…