Re: Best practices in Security Operations—Customizations
A SIEM needs some customization or tuning.
First, we need to make sure that the correlation engines of the SIEM are really working and can be customized, even if it has specific rules that are built in. Second, the content packs of the SIEM tool should be updated so it will get the latest detection rules, watchlists, alarms, dashboards, global threat intelligence and performance upgrades of the SIEM (event normalization and aggregation). This tool should subscribe to all government CERTs so it will acquire the latest threats to prevent zero-day attacks.