In a perfect world, there would not be any need to mull over what data sources to integrate into an organization’s security information and event management (SIEM) solution. All kinds of data that can be used and abused by threat actors should be added. After all, attacks can hide behind seemingly innocuous logs.
But in reality, each data source comes at an additional cost, since most SIEM solution providers charge per gigabyte. Organizations therefore have to strike a balance between budget constraints and security. One need not suffer for the sake of the other, but that requires careful strategizing about which data sources to integrate into SIEM solutions.
This post takes a deep dive into SIEM data sources to help organizations understand the following:
- What SIEM data sources are
- Factors to consider when choosing which data sources to feed into SIEM solutions
- Potential data sources to integrate into SIEM solutions