https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47973#M401 <P>In a word: no.<BR />Of course you will need people to look at the event streams and make sense of them. This is true regardless of the amount of automation you build into the SIEM/SOAR system. You should also look at EDR/XDR solutions. SIEM tends to be a lagging indicator. EDR can potentially stop things before they create an incident. This is a really loaded question.</P> Tue, 19 Oct 2021 14:53:57 GMT peek 2021-10-19T14:53:57Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47953#M396 <P>When building a Security Operations Center (SOC), is a SIEM enough?&nbsp;</P> Mon, 18 Oct 2021 20:22:30 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47953#M396 bjames 2021-10-18T20:22:30Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47962#M398 <P>Enough what?</P> Tue, 19 Oct 2021 03:10:25 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47962#M398 bkwalker 2021-10-19T03:10:25Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47972#M400 <P>Is this a philosophical question?&nbsp;<span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>&nbsp;</P><P><A href="https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf" target="_blank" rel="noopener">MITRE: Ten Strategies of a World-Class Cybersecurity Operations Center</A>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 19 Oct 2021 14:31:38 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47972#M400 tmekelburg1 2021-10-19T14:31:38Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47973#M401 <P>In a word: no.<BR />Of course you will need people to look at the event streams and make sense of them. This is true regardless of the amount of automation you build into the SIEM/SOAR system. You should also look at EDR/XDR solutions. SIEM tends to be a lagging indicator. EDR can potentially stop things before they create an incident. This is a really loaded question.</P> Tue, 19 Oct 2021 14:53:57 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47973#M401 peek 2021-10-19T14:53:57Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47993#M403 <P>It's a good start, but you will also need security analysts, automation, processes to follow, etc.</P> Wed, 20 Oct 2021 14:12:41 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/47993#M403 mstoyanoff 2021-10-20T14:12:41Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/48028#M409 <P>This is a somewhat&nbsp; strange question in my opinion. It depends!. If your SIEM covers every possible threat vector for your organization then I guess it would be ok. In real life, it's highly unlikely that this would be the case though. You would probably need elements of SOAR, EDR etc too.&nbsp; I might be wrong.&nbsp;</P><P>&nbsp;</P> Sat, 23 Oct 2021 22:43:29 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/48028#M409 Hari 2021-10-23T22:43:29Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/48114#M410 <P>In one word, nope! A SIEM is a robust tool to fetch logs and correlate, analyze uses the build in AI to show you its calculated output. However, first thing while you procure a SIEM, understand your business, identify your threat landscape. You are going to need many use cases catered for your organization. While building the use cases, you might come up with the need to many tools, whose logs are needed in the SIEM to make it something useful.</P> Sat, 30 Oct 2021 15:18:53 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/48114#M410 curious_mind 2021-10-30T15:18:53Z https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/48520#M422 <P>Short answer would be no. SIEM is a great start, but not enough. For a more mature SOC you would want to incorporate more tools and data sources to enhance detection and analytic capabilities.</P> Sun, 05 Dec 2021 04:51:51 GMT https://community.isc2.org/t5/Threats/When-Building-a-SOC/m-p/48520#M422 sergeling 2021-12-05T04:51:51Z