SIEM @Home

I already mentioned in my previous article about Traffic Analysis in Qubes OS that the IDS alerts and logs should be passed to a log management system where we can correlate them with other logs and alerts. Such a system can be called a SIEM.

However, a real SIEM system makes sense only in an enterprise environment, because it requires 24×7 monitoring, and it also needs special knowledge and experience to analyze the results.
