Have you been affected by the Volkswagen/Audi data breach?  (You can visit https://response.idx.us/audivwdataprotect/# to find out more information)

Security & GRCThreat Intelligence & Incident Response

Yes59%

No40%

346 PARTICIPANTS
2.1k views

Content you might like

NFTs: Hype or revolutionary?

Hype40%

Revolutionary42%

Too early to tell16%

What’s an NFT?

View Results

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models.  Scope includes Environment Setup:  Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation.  Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

How can security leaders in smaller organizations stay informed about emerging threats if they don’t have access to formal threat intelligence feeds?

Read More Comments

Blacklisting IPs is not an effective use of the security team’s time.

Strongly agree9%

Agree58%

Neutral15%

Disagree14%

Strongly disagree2%

Other (please specify)

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments
Have you been affected by the Volkswagen/Audi data breach? (You can visit https://response.idx.us/audivwdataprotect/# to find out more information) | Gartner Peer Community