Things that you need:

1. A pipeline for telemetry that allows you to alert on critical events and search as needed.

2. A tool that enables automation of response processes.

Look at these as requirements, and add your own. Let no one tell you "the next thing we need is a SIEM."

5/1/2018, 10:13:53 AM

If you structure your requirements in a certain way (or let someone else "help" you with them), you may conclude that you need a SIEM.

I'm not arguing that no one needs a SIEM. I'm simply pointing out that, on the spectrum of needs, it's farther to the right than most assume.

5/1/2018, 10:18:07 AM