I believe that when we build a solution for any customer SOC environment, we need to take a survey of the running equipment and their OS, and our product should be compatible with their resources, APIs, third-party integrations and log management, and the reporting mechanism should be good enough to understand each and every security aspect.
There are multiple tools available for comparing different enterprise SIEM solutions. In my experience, Splunk and ArcSight are compatible with most customer environments, even when the devices are not updated.
Hot data is necessary for live security monitoring.
Archived data (cold data) is not available quickly. It takes days to bring archived data back online if the archive time frame is more than 30 days (in most SIEM solutions).
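The hot/cold/archive distinction above decides whether an investigation can run live or has to wait for a restore. The following is an added example, not code from the original post or from any SIEM vendor: it models a generic tiering policy (7 days hot, 30 days cold, older data archived; both thresholds are assumptions for illustration) and splits a query window into the tiers it touches so the analyst knows up front which part of the window needs a restore request. The log events are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Assumed retention policy for this example; real SIEMs expose these as
# index/retention settings and the numbers differ per product and deployment.
HOT_DAYS = 7      # indexed on fast storage, searchable in real time
COLD_DAYS = 30    # still online on slower storage, searchable without restore
# anything older than COLD_DAYS is archived (frozen) and must be restored first

# Constructed sample events: (timestamp, raw log line). Not real data.
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    (NOW - timedelta(days=1),  "sshd[2201]: Failed password for root from 203.0.113.7"),
    (NOW - timedelta(days=10), "sshd[1902]: Accepted publickey for deploy from 198.51.100.4"),
    (NOW - timedelta(days=45), "sudo: deploy : COMMAND=/bin/bash"),
]


def tier_for(event_time: datetime, now: datetime,
             hot_days: int = HOT_DAYS, cold_days: int = COLD_DAYS) -> str:
    """Return the storage tier ('hot', 'cold' or 'archive') for an event of this age."""
    age = now - event_time
    if age < timedelta(days=hot_days):
        return "hot"
    if age < timedelta(days=cold_days):
        return "cold"
    return "archive"


def plan_search(start: datetime, end: datetime, now: datetime,
                hot_days: int = HOT_DAYS, cold_days: int = COLD_DAYS) -> dict:
    """Split a query window [start, end) into the tiers it touches.

    Returns a dict with one (start, end) tuple per tier touched plus a
    'needs_restore' flag: True when part of the window lies in the archive
    and therefore cannot be searched live.
    """
    if end <= start:
        raise ValueError("end must be after start")
    cold_boundary = now - timedelta(days=cold_days)  # older than this: archive
    hot_boundary = now - timedelta(days=hot_days)    # older than this: cold
    plan = {}
    if start < cold_boundary:
        plan["archive"] = (start, min(end, cold_boundary))
    cold_start, cold_end = max(start, cold_boundary), min(end, hot_boundary)
    if cold_start < cold_end:
        plan["cold"] = (cold_start, cold_end)
    hot_start, hot_end = max(start, hot_boundary), end
    if hot_start < hot_end:
        plan["hot"] = (hot_start, hot_end)
    plan["needs_restore"] = "archive" in plan
    return plan


def bucket_events(events, now: datetime) -> dict:
    """Group (timestamp, line) events by the tier they currently sit in."""
    buckets = {"hot": [], "cold": [], "archive": []}
    for ts, line in events:
        buckets[tier_for(ts, now)].append(line)
    return buckets


if __name__ == "__main__":
    # A 45-day lookback (typical for a slow-moving intrusion) spans all three tiers.
    plan = plan_search(NOW - timedelta(days=45), NOW, NOW)
    for tier, value in plan.items():
        print(f"{tier:14} {value}")
    for tier, lines in bucket_events(SAMPLE_EVENTS, NOW).items():
        print(f"{tier}: {len(lines)} event(s)")
```

When `needs_restore` is True the analyst should file the archive restore first and run the hot and cold slices in the meantime, since the archived slice is the one that, as the post says, can take days to come back online.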