One Article Review

Home - The article:
Source AlienVault Blog
Identifier 490725
Publication date 2018-02-26 14:00:00 (viewed: 2018-02-26 14:00:00)
Title SIEM Content Engineer - Why Is It a “Thing”?
Text If you Google “SIEM Content Engineer,” “SIEM Threat Content Engineer,” or “SIEM Content Developer,” you will see a bunch of ads, job listings and very little other content. I believe this is because the concept is new, and it appears SIEM Content Engineer is emerging as a new job title that HR departments in large companies have latched onto for a role/job that, in reality, has been around for years. For at least a decade, Anton Chuvakin of Gartner has been discussing SIEM roles and responsibilities. This new term is likely to set off even more discussion.

SIEM Content Engineer Role & Responsibilities

The SIEM Content Engineer role seems to be defined with quite a range of responsibilities, according to the job listings I reviewed. Here are some samples plucked from researching the term and checking out jobs:

- Analyzing, designing, developing and delivering solutions to stop adversaries
- Identifying threats
- Incident response
- Risk reviews
- Vulnerability management
- Event monitoring, including log management and SIEM
- Defining how logs should be parsed
- Writing new correlation rules
- Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities
- Writing custom active lists, queries, and rules
- Care and content of SIEM platforms
- Developing custom content based on threat intelligence
- Ensuring SIEM technologies are integrated and utilized to protect cyber-related assets

The qualifications that were required varied quite a bit, most desiring a technical college degree and hands-on experience with SIEM. Some were quite specific, including things like knowledge of basic networking protocols and addressing schemes, e.g., TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc.

Do All SIEMs Require SIEM Content Engineers?

SIEM is one of the core capabilities of AlienVault’s Unified Security Management (USM) platform.
And yet, despite having worked at AlienVault for four years now, this title “SIEM Content Engineer” was totally foreign to me. I was curious about this new buzzworthy job title, so I asked my colleagues if they were familiar with it. One of my colleagues in Product Marketing who had worked for/with other SIEM vendors in the past was aware of the job title. He explained to me that even now, legacy SIEM products aren’t ready “out of the box” – they are far from a quick implementation. In order to function well, those SIEMs often require a dedicated team, or at least one person, to solely focus on writing custom correlation rules and queries. It seems as though those big, custom data analytics solutions still require quite a bit of human intelligence and effort to work properly. For example, it can be tricky for IT security practitioners to integrate emerging threat intelligence with the SIEM correlation engine, so a SIEM Content Engineer may be required. I’m going to have to brag about AlienVault a bit, as the AlienVault Labs Security Research Team handles 100 percent of that task for USM users. In addition to other research methods and sources, this team analyzes and validates the shared threat data in the
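As an added illustration of the kind of content the post says a SIEM Content Engineer writes (a log-parsing rule, an "active list", correlation rules, and a threat-intelligence match), here is a small self-contained example; it is not code from the AlienVault post or from USM, and the log lines, the threat-intel domain and the rule names are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample events (not real data): authentication and outbound DNS.
LOGS = [
    "2018-02-26T10:00:01 host=ws01 src=10.0.0.5 user=alice action=login result=fail",
    "2018-02-26T10:00:02 host=ws01 src=10.0.0.5 user=alice action=login result=fail",
    "2018-02-26T10:00:03 host=ws01 src=10.0.0.5 user=alice action=login result=fail",
    "2018-02-26T10:00:09 host=ws01 src=10.0.0.5 user=alice action=login result=success",
    "2018-02-26T10:00:15 host=ws01 src=10.0.0.5 action=dns query=evil.example",
    "2018-02-26T10:01:00 host=ws02 src=10.0.0.7 user=bob action=login result=success",
    "2018-02-26T10:01:05 host=ws02 src=10.0.0.7 action=dns query=cdn.example",
]

# Constructed threat-intel feed entry (placeholder indicator, not a real IoC).
THREAT_INTEL_DOMAINS = {"evil.example"}

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Parsing rule: a timestamp followed by key=value pairs."""
    ts, _, rest = line.partition(" ")
    event = dict(KV.findall(rest))
    event["ts"] = ts
    return event

def correlate(lines, fail_threshold=3):
    """Two correlation rules built on an 'active list' of suspicious sources.

    Rule 1: fail_threshold failed logins followed by a success from the same
            src raises a brute-force alert and puts src on the active list.
    Rule 2: an active-list src resolving a threat-intel domain raises an alert.
    """
    failures = defaultdict(int)   # consecutive login failures per src
    active_list = set()           # sources flagged by rule 1
    alerts = []
    for ev in map(parse, lines):
        src = ev.get("src")
        if ev.get("action") == "login":
            if ev.get("result") == "fail":
                failures[src] += 1
            elif ev.get("result") == "success":
                if failures[src] >= fail_threshold:
                    active_list.add(src)
                    alerts.append(("possible_bruteforce", src, ev["user"]))
                failures[src] = 0
        elif ev.get("action") == "dns":
            if src in active_list and ev.get("query") in THREAT_INTEL_DOMAINS:
                alerts.append(("ti_match_after_bruteforce", src, ev["query"]))
    return alerts
```

Tuning the threshold, choosing which fields the parser extracts, and refreshing THREAT_INTEL_DOMAINS from a feed are exactly the ongoing maintenance the post describes.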
Sent Yes


The article does not seem to have been picked up after its publication.


The article does not seem to have been picked up on a previous one.