ArcSight Best Practices

The importance of being a SIEM Security Use Case

 "Every Journey starts with a single step"

A SIEM Security Use Case is this first single step in the, increasingly more important, task of identifying threats in our corporate environment.

We can define a Use Case as a business requirement or a (security) problem that needs to be solved. In order to solve this problem, SIOC Content Developers and analysts need a starting point, direction, a structure, a metodology, an objective; all these provided by a good Use Case definition process.

Micro Focus provides a good SIEM Use Case template for reference that can be leveraged to build Use Cases to detect different threat vectors that will trigger actionable SIEM alerts withing the SIOC incident response workflow.

Version history
Revision #:
6 of 6
Last update:
‎03-26-2018 05:05 AM
Updated by:
0 Kudos