Queries? Which queries? Please don’t let these sneaky vendors fool you with the forensics system boxed as “SIEM”.
My splunk Enterprise is not a substance, this is immune system. Carefully trained with ML guided by the group of seasoned cybersecurity practitioners.
Correlating and reporting to smart workflow system in the near-real time.
Case study example — ransomware like NotPetya/Wannacry being wiped out faster than its ability to replicate and penetrate to extra systems.
I'm specifically exploring whether or not the ability to run queries quickly would be of value to a hunt-type situation - or more generally speaking, are enterprises losing out because complex queries take too long to run. Selfishly, I'm on the security side, so I think SIEM. But, generally, application-level logging may have the same problem.
2 comments
[ 2.9 ms ] story [ 18.1 ms ] thread