
Badges

60 Points
3 Years

User Activity

Over 1 year ago
Neither, or both. Having done literally thousands of SIEM deployments, I can tell you from experience that the technology choice isn't the most important choice. The critical choice is in the resources and commitment to manage and use the system. I've seen countless…
Over 1 year ago
Event correlation is an analytical process that looks for trends, patterns, thresholds, or sequences of events in your data, even when they may not be the same event type (e.g., a VPN authentication event followed by a door badge access event in a different location). There…
Over 1 year ago
CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get…
Over 1 year ago
CloudTrail logs are an excellent and necessary way to monitor activity in your AWS environment. They are the "under-the-hood" audit logs much like OS audit data, but covering the entire cloud infrastructure. This could include things like new compute instances created,…

Reviews

Answers

Over 1 year ago
Security Information and Event Management (SIEM)
Over 1 year ago
Security Information and Event Management (SIEM)