State of the SOC/SIEM
Industry statistics
Industry problems
Log Monitoring
Assets
Windows/Linux
Network devices
Security devices
Data gathering strategies
Pre-planning
Logging architecture
Log inconsistencies
Log collection and normalization
Log retention strategies
Correlation and gaining context
Reporting and analytics
Alerting
SIEM platforms
Commercial solutions
Home-grown solutions
Planning a SIEM
Ingestion control
What to collect
Mission
SIEM Architecture
Ingestion techniques and nodes
Acceptance and manipulation for value
Augmentation of logs for detection
Data queuing and resiliency
Storage and speed
Analytical reporting
Visualizations
Detection Dashboards