{"id":5046,"date":"2020-03-02T21:09:12","date_gmt":"2020-03-02T21:09:12","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5046"},"modified":"2021-04-16T13:18:47","modified_gmt":"2021-04-16T12:18:47","slug":"siem-logging-best-practices","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices","title":{"rendered":"SIEM Logging Best Practices"},"content":{"rendered":"<p>As the cybersecurity threat landscape becomes increasingly sophisticated, managed services providers (MSPs) should take extra precautions to protect their customers\u2019 networks. A security information and event management (SIEM) system is an excellent choice for MSPs because it helps mitigate cybersecurity threats from two different angles, all from a single interface. SIEM collects information from multiple data sources\u2014network data, threat intelligence feeds, compliance regulations, firewalls, etc.\u2014and uses that data to power capabilities designed to help IT admins respond to threat events in real time.<\/p>\n<p>In contrast to single-purpose security controls like <a class=\"ext\" href=\"https:\/\/www.solarwinds.com\/solutions\/it-asset-solutions\" target=\"_blank\" rel=\"noopener noreferrer\">asset management<\/a> or network intrusion detection, SIEM allows you to dig deeper into security vulnerabilities by unifying information from disparate systems and offering unparalleled visibility into events that occur in your system. SIEM is not a threat detection system in and of itself, but it enhances the security tools you already use by providing real-time insights to build upon. If you put high-quality log data into a SIEM tool, you\u2019ll receive high-quality security insights about your network. These insights can help make your network security protocols stronger and more precise.<\/p>\n<p>Unfortunately, many IT administrators treat SIEM implementation like a \u201cset it and forget it\u201d solution. 
To experience the full benefits of security information and event management, MSPs should adopt a set of best practices to optimize the solution, beginning with security logging.<\/p>\n<h3><b>What are SIEM logs?<\/b><\/h3>\n<p>How does <a class=\"ext\" href=\"https:\/\/www.loggly.com\/solution\/security-log-analysis\/\" target=\"_blank\" rel=\"noopener noreferrer\">security logging<\/a> fit into SIEM implementation best practices? If you break SIEM down to its core components, it\u2019s a log management system. All the information a SIEM tool gathers comes in the form of logs, or records of events that occur within an organization\u2019s IT infrastructure and network.<\/p>\n<p>Examples of log sources a SIEM collects from include, but aren\u2019t limited to:<\/p>\n<ul>\n<li>Firewalls<\/li>\n<li>Routers and switches<\/li>\n<li>Wireless access points<\/li>\n<li>Vulnerability reports<\/li>\n<li>Partner information<\/li>\n<li>Antivirus and antimalware<\/li>\n<\/ul>\n<p>However, since SIEM tools are large in scope and constantly collect log data from everywhere in your system, they can be complicated and unwieldy to implement. SIEM best practices help MSPs avoid common pain points down the line by getting SIEM working as effectively as possible from the get-go.<\/p>\n<h3><b>SIEM logging best practices<\/b><\/h3>\n<p><b>1. Start slow<\/b><\/p>\n<p>The most common mistake MSPs make regarding SIEM implementation is trying to do too much too soon. Before you even start searching for a SIEM solution, it\u2019s best to define the scope of your SIEM deployment and think about what you want SIEM to do for you and your customers.<\/p>\n<p>Start by isolating objectives, taking stock of existing security protocols, and brainstorming how these protocols will fit in with your prospective SIEM implementation. 
You can also segment everything you want to monitor into groups and define how you want to monitor each group\u2014this gives you a game plan heading into logging.<\/p>\n<p>Once you\u2019ve done your homework, don\u2019t deploy a SIEM system across your customer&#8217;s entire IT infrastructure just yet\u2014do it piecemeal. Test out your SIEM solution on a small section of the system to see how well it works, demonstrate potential return on investment, and identify key security vulnerabilities that should be addressed right away. Easing into SIEM rather than jumping in will help ensure that logging works for you, not against you.<\/p>\n<p><b>2. Think about compliance requirements<\/b><\/p>\n<p>SIEM logging can help your business demonstrate compliance with security regulations and audits, but only if you know what those standards are ahead of time. Before you commit to a SIEM system, create a list of the HIPAA, GDPR, HITECH, and any other IT regulations you have to comply with. Then use that list to compare the requirements of those regulations against the solutions you\u2019re considering.<\/p>\n<p>Not only will that narrow down your list of contenders, it will force you to consider the amount of log data you need. Knowing how much log data you must retain to remain compliant will also inform your logging and monitoring practices.<\/p>\n<p><b>3. Adjust correlation rules<\/b><\/p>\n<p>SIEM correlation optimizes SIEM implementation for MSPs by allowing them to configure SIEM to the unique needs of their clients. SIEM works by collecting data from multiple sources and then filtering, analyzing, and correlating that data to determine whether it warrants being flagged as a security alert.<\/p>\n<p>As such, it\u2019s best to adjust correlation rules and set thresholds according to what makes sense for each specific customer you work with. 
Remember that SIEM is designed to uncover connections between events that would otherwise go unnoticed, so use that to your advantage. Start with the preconfigured correlation rules that come with your SIEM solution and work your way backwards, disabling and enabling parameters according to what you do and don\u2019t want correlated.<\/p>\n<p><b>4. Collect security log data efficiently<\/b><\/p>\n<p>Strike a balance between collecting enough data to get a comprehensive view of the network and not being overwhelmed by the sheer volume of information. SIEM isn\u2019t a one-size-fits-all solution, but MSPs should always collect log data related to:<\/p>\n<ul>\n<li>Authorization successes and failures<\/li>\n<li>Changes to user privileges<\/li>\n<li>Application errors and performance issues<\/li>\n<li>Opt-ins like terms and conditions<\/li>\n<li>All actions done by users with administrative privileges<\/li>\n<\/ul>\n<p>It\u2019s best to exclude log data pertaining to:<\/p>\n<ul>\n<li>Information that\u2019s illegal to collect<\/li>\n<li>Banking information or credit card data<\/li>\n<li>Encryption keys<\/li>\n<li>Passwords<\/li>\n<li>Personally identifiable information (PII)<\/li>\n<\/ul>\n<p><b>5. Have a plan after IT threat detection<\/b><\/p>\n<p>Choosing the right SIEM solution and employing SIEM logging best practices is only half the battle. It\u2019s critical that MSPs have an incident response plan in place to act on the security vulnerabilities uncovered by SIEM. Make sure you have designated roles for every technician during a security event, especially those responsible for communicating with customers and other relevant parties. 
Also, have a plan in place for recovering any lost sensitive data.<\/p>\n<p>&nbsp;<\/p>\n<p><b>For more information on\u00a0<a href=\"https:\/\/www.n-able.com\/blog\/search?keywords=SIEM\" target=\"_blank\" rel=\"noopener\">SIEM read through our related blog articles.<\/a><\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn about the top SIEM implementation best practices that allow IT administrators to gather log data and real-time event data and turn it into actionable information.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5046","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SIEM Logging Best Practices - N-able<\/title>\n<meta name=\"description\" content=\"Learn about the top SIEM implementation best practices that allow IT administrators to gather log data and real-time event data and turn it into actionable information.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SIEM Logging Best Practices - N-able\" \/>\n<meta property=\"og:description\" content=\"Learn about the top SIEM implementation best practices that allow IT administrators to gather log data and real-time event data and turn it into actionable information.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-02T21:09:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-16T12:18:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"N-able\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"N-able\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"5\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices\"},\"author\":{\"name\":\"N-able\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\"},\"headline\":\"SIEM Logging Best 
Practices\",\"datePublished\":\"2020-03-02T21:09:12+00:00\",\"dateModified\":\"2021-04-16T12:18:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices\"},\"wordCount\":988,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices\",\"url\":\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices\",\"name\":\"SIEM Logging Best Practices - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2020-03-02T21:09:12+00:00\",\"dateModified\":\"2021-04-16T12:18:47+00:00\",\"description\":\"Learn about the top SIEM implementation best practices that allow IT administrators to gather log data and real-time event data and turn it into actionable information.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/siem-logging-best-practices#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/de\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SIEM Logging Best 
Practices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\",\"name\":\"N-able\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"caption\":\"N-able\"}}]}<\/script>\n<!-- \/ Yoast SEO 
Premium plugin. -->"}