SIEM @Home

I already mentioned in my previous article about Traffic Analysis in Qubes OS that the alerts and logs from the IDS should be passed to a log management system, where we can correlate them with other logs and alerts. Such a system is called a SIEM.

However, a real SIEM only makes sense in an enterprise environment, because it requires 24x7 monitoring, and it also needs special knowledge and experience to analyze the results.
