SIEM Use Cases: Defining ‘Why’

Security Incident and Event Management platforms are one of the most important tools in a security team's arsenal. They are also one of the most expensive and time-consuming tools in that same toolbox. For a fledgling security team, a SIEM may seem like one of the first projects to undertake (if you have your … Continue reading SIEM Use Cases: Defining ‘Why’

Initial Security Onion Problems

I have been working on implementing Security Onion in a production environment. The two major problems that have given me headaches so far are storage on the sensor nodes, and internal networking.

Networking Problem

Security Onion uses Docker to create and manage different aspects of itself. Below is a good image of the different containers … Continue reading Initial Security Onion Problems