Log Management Questions
Sep 13 2021
Hot data is necessary for live security monitoring.
Archive data (cold data) is not available quickly. It takes days to make archive data live if the archive data time frame is more than 30 days (in most SIEM solutions).
As an example, SolarWinds said the attackers first compromised its development environment on Sept. 4, 2019. So, to investigate the SolarWinds case, we have to go back to Sept. 4, 2019, from today (July 13, 2021). In this case, we need at least 18 months of live data.
The second example of why hot data is critical is from the IBM data breach report. The average time to identify and contain a breach is 280 days, according to this report.
Hot data gives defenders the quick access they need for real-time threat hunting, but hot data is more expensive than the archive option in current SIEM solutions.
Keeping data hot for SIEM use is inevitably one of the most expensive data storage options.
What are your thoughts about it, dear professionals?
Nov 18 2021
Dear community members,
I've been exploring Datadog vs ELK and I need your opinion about both of them in terms of performance, cost, and efficiency. Which one would you recommend?
Aug 09 2021
How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?
Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?
Sep 23 2021
Hi community members,
We know it's important to conduct a trial and/or proof of concept as part of the buying process.
Do you have any advice for our community about the best way to conduct a trial or PoC? How do you conduct a trial effectively?
Are there any mistakes to avoid?
Jun 29 2021
When evaluating Log Management tools and software, what aspect do you think is the most important to look for?
Let the community know what you think. Share your professional opinion!