Case Study

JumpStart Guide for SIEM in AWS


Introduction

Gone are the days of focused technicians in a darkened lab with a table full of terminals located somewhere deep below the data center. Thankfully, simple logging and manual reviews by a roomful of techs have morphed into more automated processes. With SIEM systems, logs are now normalized and collected in a central location for analysis. As SIEMs have matured, more automatic alerting, and even reactions to events, have moved us into the security orchestration and automated response (SOAR) world—or as it’s also known in some circles, SIEM on steroids. Currently, according to Gartner, “Analytics are a core capability of all SIEM solutions.”[1] Analytics and response are what SOAR is all about. At its most basic level, the SIEM is defined by NIST as an “[a]pplication t
