How to shoot yourself in the foot with SIEM

Six ways to shoot yourself with SIEM technology:

1) Dont plan; just jump in
2) Have no defined scope or use cases; whatever
3) Confuse SIEM with Log Management
4) Monitor noise; apply no filters
5) Don’t correlate with any other technologies eg IDS, Vulnerability scanner, Active Directory
6) Staff poorly or not at all

For grins, here’s how programmers shoot themselves in the foot:

ASP.NET
Find a gun, it falls apart. Put it back together, it falls apart again. You try using the .GUN Framework, it falls apart. You stab yourself in the foot instead.

C
You try to shoot yourself in the foot, but find out the the gun is actually a howitzer cannon.

C++
You accidentally create a dozen clones of yourself and shoot them all in the foot. Emergency medical assistance is impossible since you can’t tell which are bitwise copies and which are just pointing at others and saying, “That’s me, over there.”

JavaScript
You’ve perfected a robust, rich user experience for shooting yourself in the foot. You then find that bullets are disabled on your gun.

SQL

SELECT @ammo:=bullet FROM gun WHERE trigger = ‘PULLED’;
INSERT INTO leg (foot) VALUES (@ammo);

UNIX

% ls
foot.c foot.h foot.o toe.c toe.o
% rm * .o
rm: .o: No such file or directory
% ls
%

Click here for the Top 6 Uses of SIEM.

24X7 SOC-AS-A-SERVICE

OPEN XDR PLATFORM

USE CASES

WHY NETSURION

PARTNERS

ALL CYBERSECURITY INSIGHTS

Level up your cybersecurity!

ABOUT NETSURION

XDR Hot Company

Next-Gen MDR Service

Best MDR Solution

How to shoot yourself in the foot with SIEM

How to shoot yourself in the foot with SIEM

Related Articles