Check out these sessions from the Graylog GO 2023 User Conference where our experts share how empowering security teams and accelerating investigations is possible with Graylog.
Graylog Security combines centralized log management, data enrichment and normalization, correlation, threat detection, incident investigation, anomaly detection, and reporting capabilities into a single solution that’s easy to deploy, manage, and use.
Have you ever walked past a big screen or received a report filled with a sea of green and thought, “Wow, they are doing an amazing job?” They might be, but in reality, they most likely didn’t pick the right metrics and failed to embrace the red. Like or loathe them, metrics and key performance indicators (KPIs) are here to stay. When done right, they play a vital role in assessing how your security team is running, identifying gaps, and making it possible to implement improvements. Picking the right metrics is challenging, and we are often tempted to select those metrics that show teams and technology in a good light. In this talk, we will dive into metrics and KPIs inside your SIEM, what they are, where you start, what makes a good metric, and how to take them to the next level, embrace the red, and build better insights.
When you have never deployed a SIEM before deciding what log sources you should collect can be overwhelming, especially when running that SIEM is not your full-time job. In this session, we will cover the most valuable log sources that every new SIEM should be collecting, as well as simple guidelines that any small or medium IT department can use to guide the growth of their SIEM while avoiding creating a dumpster of low-value high noise logs.