Things that you need:
1. A pipeline for telemetry that allows you to alert on critical events and to search it as needed.
2. A tool that enables automation of response processes.
Look at these as requirements, and add your own. Let no one tell you "the next thing we need is a SIEM."
5/1/2018, 10:13:53 AM
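As an added example (not from the original post), here is a minimal pipeline that meets both requirements without a SIEM product: constructed sample events are ingested, a rule flags a critical event, each match is handed to an automated response action, and the retained events can be searched. The hosts, addresses, the alert rule and the response action are all assumptions made for the illustration.

```python
# Constructed sample telemetry; hosts, users and addresses are hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2018-05-01T10:00:01Z", "host": "web-01", "type": "auth", "user": "alice", "outcome": "success", "src": "10.0.0.5"},
    {"ts": "2018-05-01T10:00:07Z", "host": "web-01", "type": "auth", "user": "root", "outcome": "failure", "src": "203.0.113.9"},
    {"ts": "2018-05-01T10:00:08Z", "host": "web-01", "type": "auth", "user": "root", "outcome": "failure", "src": "203.0.113.9"},
    {"ts": "2018-05-01T10:00:09Z", "host": "web-01", "type": "auth", "user": "root", "outcome": "success", "src": "203.0.113.9"},
    {"ts": "2018-05-01T10:00:15Z", "host": "db-02", "type": "process", "user": "postgres", "cmd": "pg_dump", "outcome": "success"},
]

class TelemetryPipeline:
    """Req. 1: retain events, alert on critical ones, search as needed. Req. 2: route alerts to automated response."""

    def __init__(self):
        self.events = []      # searchable store; a list stands in for a real index
        self.rules = {}       # alert name -> predicate over a single event
        self.responders = {}  # alert name -> automated response action
        self.alerts = []      # (alert name, event) pairs that fired
        self.actions = []     # audit trail of what the responders did

    def add_rule(self, name, rule, responder):
        self.rules[name] = rule
        self.responders[name] = responder

    def ingest(self, event):
        self.events.append(event)
        for name, rule in self.rules.items():
            if rule(event):
                self.alerts.append((name, event))
                self.actions.append(self.responders[name](event))

    def search(self, **filters):
        """Return retained events whose fields equal every key=value given."""
        return [e for e in self.events
                if all(e.get(k) == v for k, v in filters.items())]

def external_root_login(e):
    # Example critical event: successful root login from outside 10.0.0.0/8 (constructed address plan).
    return (e.get("type") == "auth" and e.get("user") == "root"
            and e.get("outcome") == "success" and not e.get("src", "").startswith("10."))

def open_isolation_ticket(e):
    # Stand-in for an EDR or ticketing API call; returns the action taken for the audit trail.
    return f"isolate {e['host']} and page on-call (root login from {e['src']})"

def run_demo():
    p = TelemetryPipeline()
    p.add_rule("external-root-login", external_root_login, open_isolation_ticket)
    for ev in SAMPLE_EVENTS:
        p.ingest(ev)
    return p
```

Swap the list for a real log store and the responder for your ticketing or EDR client and the two requirements are still the only contract the rest of the pipeline depends on.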