SIEM Questionnaires 

Collecting information about the client’s application infrastructure  via questionnaire simplifies the process of investigating the different systems envolved and the methodology of configuring their SIEM. A two level questionnaire have been created for the client’s to complete during the application onboarding process :

First level, is to identify the different components of the application.

Second level, is to identify how these components intigrate and the types of source logs.

These documents are living documents always evolving as we come across different hurdles in thE SIEM information gathering stage.

LDAP Query 

Today we created a dynamic list of privileged AD users using LDAP Query.  We are creating an access control rule for our client’s applications. Next step is to add the application data sources in to the LogRhythm.

We had a meeting with the SAIR team ( Ethical Hackers ) and we went through the Client’s Application Network structure and identified the different types of systems and the data type they are housing or accessing. From there we determined all the different types of scenarios that a hacker would do to gain access to the data. Next step is to create correlation rules to protect these systems.

SIEM System Implementation – High Level

The following are the different high level stages of planning, implementing and maintaining a SIEM system for a client:

Sales : Identifies the SIEM application the client’s requires/ requests.

Consulting Services: Develops the Project Charter – Identifies  the project milestones, Critical assets to protect and the security framework.

Technical Support: Installs the SIEM system in accordance to the sales and CS findings.

Managed Services: Engineers and Analysts reviews the project plan, system and technical processes. This is where rules are created, incident management is created and the project plan is implemented.

Geetings!

Hi All,

My company has tasked me to create a SIEM department to manage our Client’s SIEM systems ( i.e LogRhythm, Qradar and ESM MacAfee). This blog is an educational piece on the steps I’ve taken with the help of coworkers and clients to achieve this goal.  Please feel free to ask me any questions.

Regards,

SiemNinja