21
Was skeptical about SIEM tools, then our SOC got hit hard
I used to think SIEM was just noise for 3 years running our small team. But after a credential stuffing attack slipped past our alerts last quarter, I realized we missed 40% of the indicators. Now I'm wondering - did you guys find SIEM useful from day one, or did it take a breach to convince you too?
2 comments
barbararamirez 7d ago
Hold on, @parker_foster53, I see it a little different. Was the breach really SIEM's fault, or was it how you set up the rules? We had a similar wake-up call, but our issue wasn't the tool itself - we were feeding it bad data and had too many false positives turned on. Once we cleaned up the logs and tuned the alerts, the "noise" dropped by half and the real threats stood out. Feels like a lot of people blame the tool when the real problem is how they configured it from the start.
9
parker_foster53 7d ago
Yeah we got caught with our pants down too. Thought we had it covered, then boom - credential stuffing cleaned our clock. SIEM went from "noise machine" to "must have" real quick after that.
6