Why are hot data and cold data differences in SIEM solutions not discussed sufficiently?

Ertugrul Akbas - PeerSpot reviewer

1 Answer

Real User
Sep 13, 2021

We changed our model to be able to cover such critical long-term cases.

We upload all our critical log sources to AWS S3 for a 3-year retention period. Based on compliance needs we either leave the log files as-is or scrub them of metadata that does not serve any purpose.

In a second pass, we then inject the last 180 days of data into our SIEM. Should the need arise, we can always search our original log files for required data or re-ingest older data.

This helps us save money while addressing security needs.

Ertugrul Akbas - PeerSpot reviewer
Real User
Sep 15, 2021

@reviewer1469436 Some SIEMs keep data (logs) hot for a long time with a minimal disk size. For example, for 10000 EPS and 365 days live (hot), they require 20 TB of disk. This model may be easier than your model and very fast.
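The two-tier retention scheme from the answer (cold copies in S3 for 3 years, the most recent 180 days re-ingested into the SIEM, optional metadata scrubbing) and the sizing figure from the reply (10000 EPS kept hot for 365 days in about 20 TB), as an added example that is not part of the original thread or any vendor's code. The JSON record layout, the `@timestamp` field, the list of scrubbable fields, the sample log lines and the per-event byte size are all constructed assumptions; the S3 upload itself is left out so the script runs offline.

```python
"""Constructed example: age-based log tiering plus hot-storage sizing.

Hypothetical helper code, not from the PeerSpot thread or any SIEM vendor.
Assumptions: each log line is a JSON object with an ISO-8601 "@timestamp";
records <= 180 days old are "hot" (re-ingested into the SIEM), records
<= 3 years old are "cold" (kept only in object storage), older ones expire.
"""
import json
from datetime import datetime, timedelta, timezone

HOT_DAYS = 180          # window re-ingested into the SIEM (from the answer)
COLD_DAYS = 3 * 365     # retention in object storage (from the answer)

# Fields assumed to carry no investigative value; the answer only says
# "metadata that does not serve any purpose", so this list is constructed.
SCRUB_FIELDS = {"collector_version", "beat_name", "pipeline_id"}

# Constructed sample log lines; the clock is pinned so the test is stable.
NOW = datetime(2021, 9, 13, tzinfo=timezone.utc)
SAMPLE_LINES = [
    '{"@timestamp": "2021-09-03T12:00:00Z", "host": "web01", '
    '"event": "sshd: accepted publickey", "beat_name": "fb-7"}',
    '{"@timestamp": "2021-02-01T00:00:00Z", "host": "web02", '
    '"event": "sudo: session opened", "pipeline_id": "p-12"}',
    '{"@timestamp": "2018-01-01T00:00:00Z", "host": "db01", '
    '"event": "login failure", "collector_version": "1.0"}',
]


def classify(event_time, now, hot_days=HOT_DAYS, cold_days=COLD_DAYS):
    """Return "hot", "cold" or "expired" for a record of the given age."""
    age = now - event_time
    # Future-dated records (clock skew) are treated as fresh, not dropped.
    if age <= timedelta(days=hot_days):
        return "hot"
    if age <= timedelta(days=cold_days):
        return "cold"
    return "expired"


def scrub(record, keep_metadata):
    """Drop fields that serve no purpose unless compliance requires them."""
    if keep_metadata:
        return dict(record)
    return {k: v for k, v in record.items() if k not in SCRUB_FIELDS}


def parse_timestamp(value):
    """Parse an ISO-8601 timestamp; "Z" is normalised for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def tier_logs(lines, now, keep_metadata=False):
    """Split JSON log lines into hot / cold / expired buckets.

    Hot and cold records are scrubbed (unless keep_metadata), expired
    records are returned untouched so the caller can log what was dropped.
    """
    tiers = {"hot": [], "cold": [], "expired": []}
    for line in lines:
        record = json.loads(line)
        tier = classify(parse_timestamp(record["@timestamp"]), now)
        if tier != "expired":
            record = scrub(record, keep_metadata)
        tiers[tier].append(record)
    return tiers


def hot_disk_bytes(eps, days, bytes_per_event):
    """Disk needed to keep `days` of `eps` events hot at a given event size."""
    return eps * days * 86400 * bytes_per_event


def bytes_per_event_from_sizing(eps, days, disk_bytes):
    """Invert the sizing claim: implied stored size per event."""
    return disk_bytes / (eps * days * 86400)


if __name__ == "__main__":
    tiers = tier_logs(SAMPLE_LINES, NOW)
    for name, records in tiers.items():
        print(f"{name}: {len(records)} record(s)")
        for rec in records:
            print("   ", json.dumps(rec))
    # The reply's figure (10000 EPS, 365 days, 20 TB) implies ~63 B/event.
    implied = bytes_per_event_from_sizing(10000, 365, 20e12)
    print(f"implied bytes per stored event: {implied:.1f}")
    print(f"hot disk at 64 B/event: {hot_disk_bytes(10000, 365, 64) / 1e12:.1f} TB")
```

Running it as a script prints one hot record (beat_name scrubbed), one cold record (pipeline_id scrubbed) and one expired record, then shows that the reply's 20 TB for 10000 EPS over 365 days works out to roughly 63 bytes per stored event, which is the assumption worth checking against your own average raw event size before comparing the two models.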
