What did the SIEM See?

Presented at BSidesDC 2019, Oct. 27, 2019, 1:30 p.m. (50 minutes)

The SIEM: everyone has one, but does anyone really know how to get the most from it? There are many SIEMs out there, and they can be used for many different purposes, but at its core it's likely the most high-maintenance security tool you have in your environment. However, with a little TLC you would be amazed at the value you can get, as long as you know what you are after.

Come join these speakers as they talk about common use cases, tips, tricks, and ways to get the most out of your SIEM including maintenance and tuning, what you should be ingesting, and common practices to better your visibility and posture.


Presenters:

  • JR Presmy
    JR has 15 years’ experience in Infosec with the last half of his career as a cyber security architect. He enjoys turning massive piles of data into actionable information.
  • Shawn Thomas - SOC Manager at Verizon Media
    Shawn spent many years of his career as an analyst, incident responder, and threat hunter. Recently he finds himself running SOCs to empower analysts to better find evil.
