YoVDO

Can You Roll Your Own SIEM

Offered By: Black Hat via YouTube

Tags

Black Hat Courses
Security Information and Event Management (SIEM) Courses
Cost Analysis Courses
Access Control Courses
Cloud Security Courses
Threat Modeling Courses
Observability Courses
Data Ingestion Courses

Course Description

Overview

Explore the feasibility and benefits of building a custom cloud-native Security Information and Event Management (SIEM) system in this 29-minute Black Hat conference talk. Learn about Two Sigma's journey to replace their expensive third-party SIEM solution, including considerations for threat modeling, feature parity, and data ingestion methods. Discover the operational wins, lessons learned, and cost savings achieved through this in-house approach. Gain insights into the overall effort required, resulting capabilities, and improved observability and flexibility of a custom SIEM solution.

Syllabus

Introduction
Considerations & Requirements
Threat Model
Build vs. Buy
Feature Parity
What We Needed
Batch Loads
Streaming Ingest
Scheduled Queries
Streaming Alerting
Data Access Controls
Operational Wins
Lessons Learned
Overall Effort
Resultant Capabilities
Cost Savings
Observability & Flexibility


Taught by

Black Hat

Related Courses

Cybersecurity and Its Ten Domains
University System of Georgia via Coursera
Bases de données relationnelles : Comprendre pour maîtriser
Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique
Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera
Web Application Development: Security
University of New Mexico via Coursera
Computing, Storage and Security with Google Cloud Platform
Google via Coursera