Efficient SIEM and Detection Engineering in 10 steps
SIEM systems and detection engineering are not just about data and detection rules. Planning and processes are becoming increasingly important over time. In 10 steps, you will learn how to approach detection in cybersecurity efficiently.
1. Just start
If you have ever done any programming, you will be familiar with software engineering methodologies. Projects can follow various ones. The waterfall model used to be the most popular: first the plan, then the analysis, then the implementation… and at the end it turned out that the customer had ordered something else. The answer to this problem was agile development, of which Scrum is a popular example.
But why do I mention agile methodologies in an article about SIEM and detection engineering? Because they can be applied, in their own way, in the cybersecurity world. Many people ask me: How do I get started? How many servers should I order? Which drives? How many nodes? And so on. The answer is simple: it depends.
It all depends on the context. It is best to start as soon as possible. Set up a simple cluster and start collecting logs. What will we gain?
- First iteration/sprint 🙃
- We will recognise which sources we have available