Getting the most out of your SIEM, Step #1: Know yourself and your tools.

A SIEM tool is not a vacuum cleaner; you can’t just turn it on and have it siphon up all your log information and bag it up nicely for you to dump later without getting your hands dirty. A SIEM requires hands-on work and careful consideration of your particular environment. What is perfectly normal in your environment may very well be a red flag in another. Many times companies buy a SIEM simply to "check the box" on some compliance requirement without ever verifying that the solution will work for them.

SIEM vendors, including SolarWinds, have worked diligently to make the out-of-the-box SIEM experience more “vacuum-esque”, with easier configuration tools and out-of-the-box rules, alerts and reports. Unfortunately, there is no one-size-fits-all approach a vendor can take that applies to every industry and business.

With all that being said, I would encourage the following: know your network and spend time with it (many of you already do). Then spend the time and effort to configure your SIEM for your network and your needs. In the end it will be a much more fulfilling experience. After all, what is the point of a tool if it isn’t used properly?
