{"id":3080,"date":"2020-07-13T16:50:34","date_gmt":"2020-07-13T20:50:34","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3080"},"modified":"2020-07-13T16:50:34","modified_gmt":"2020-07-13T20:50:34","slug":"what-generated-data-should-your-siem-ingest","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/","title":{"rendered":"What Generated Data Should Your SIEM Ingest?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2769\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg\" alt=\"What Generated Data Should Your SIEM Ingest? \" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What data should your SIEM solution ingest for optimal performance?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In traditional SIEM strategy and execution, SIEM collects and ingests data from throughout the enterprise network. Then, the solution normalizes the data for easy analysis and uses the information to uncover security events. 
Therefore, IT security teams can discover and investigate potentially connected security events and uncover breaches early.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As it can uncover security issues and attacks from anywhere, SIEM and similar cybersecurity technologies like SOAR take on special importance during the coronavirus pandemic. SIEM can help with investigations even on remote devices. Additionally, its data ingestion capabilities can uncover malicious user behaviors.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, this traditional understanding of SIEM doesn\u2019t address a significant problem in legacy SIEM and in SIEM misconfiguration: improper data. Not all data generated by enterprises\u2014which could total in the terabytes every week\u2014is relevant. How do you know what your SIEM should ingest?<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>What Data Should Your SIEM NOT Ingest?<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Let\u2019s begin to answer this question by examining the opposite. What should you avoid plugging into your SIEM for optimal performance?<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">First, your security team should not try to feed your SIEM every log generated by your business\u2019s infrastructure. 
After all, this creates a serious challenge for your IT security team. The more logs you feed into your SIEM, the more alerts you create&#8230;and thus the more potential false positives. The chances that the system mistakes normal behavior for suspicious behavior rise exponentially. This could cause serious burnout, not to mention the burying of legitimate alerts beneath the deluge.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Additionally, this puts the success or failure of your SIEM policy on your IT security team, who must maintain your solution and moderate its effectiveness.<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>What Data Should You Seek Out?<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Instead of trying to ingest all log data, select only the log data from your most critical databases and digital locations. That way, you can ensure that the information and alerts generated by the SIEM solution are worth your team\u2019s time and energy to investigate. Additionally, you should make sure your solution ingests the activities and behaviors of your users via UEBA.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This could help prevent account compromise and insider threats over the long term.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Learn more in our SIEM Buyer\u2019s Guide.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What data should your SIEM solution ingest for optimal performance?\u00a0 In traditional SIEM strategy and execution, SIEM collects and ingests data from throughout the enterprise network. Then, the solution normalizes the data for easy analysis and uses the information to uncover security events. 
Therefore, IT security teams can discover and investigate potentially connected security events [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2769,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1,3],"tags":[95,86,48,21,22,1354,1353],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Generated Data Should Your SIEM Solution Ingest?<\/title>\n<meta name=\"description\" content=\"What data should your SIEM solution ingest for optimal performance?\u00a0We take a brief look at the best data for cybersecurity.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Generated Data Should Your SIEM Solution Ingest?\" \/>\n<meta property=\"og:description\" content=\"What data should your SIEM solution ingest for optimal performance?\u00a0We take a brief look at the best data for cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-13T20:50:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta 
property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/\",\"name\":\"What Generated Data Should Your SIEM Solution Ingest?\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg\",\"datePublished\":\"2020-07-13T20:50:34+00:00\",\"dateModified\":\"2020-07-13T20:50:34+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"What data should your SIEM solution ingest for optimal performance?\u00a0We take a brief look at the best data for 
cybersecurity.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg\",\"width\":800,\"height\":400,\"caption\":\"Kaseya 2021 IT Operations Survey Reveals Key Security Trends\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Generated Data Should Your SIEM Ingest?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"What Generated Data Should Your SIEM Solution Ingest?","description":"What data should your SIEM solution ingest for optimal performance?\u00a0We take a brief look at the best data for cybersecurity.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/","og_locale":"en_US","og_type":"article","og_title":"What Generated Data Should Your SIEM Solution Ingest?","og_description":"What data should your SIEM solution ingest for optimal performance?\u00a0We take a brief look at the best data for cybersecurity.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2020-07-13T20:50:34+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/","name":"What Generated Data Should Your SIEM Solution Ingest?","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg","datePublished":"2020-07-13T20:50:34+00:00","dateModified":"2020-07-13T20:50:34+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"What data should your SIEM solution ingest for optimal performance?\u00a0We take a brief look at the best data for 
cybersecurity.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/09\/AI-Eye.jpg","width":800,"height":400,"caption":"Kaseya 2021 IT Operations Survey Reveals Key Security Trends"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-generated-data-should-your-siem-ingest\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"What Generated Data Should Your SIEM Ingest?"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3080"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3080"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3080\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2769"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}