siem-logging

SKILL.md

Configure comprehensive security logging infrastructure using SIEM platforms (Elastic SIEM, Microsoft Sentinel, Wazuh, Splunk) to detect threats, investigate incidents, and maintain compliance audit trails. This skill covers platform selection, log aggregation architecture, detection rule development (SIGMA format and platform-specific), alert tuning, and retention policies for regulatory compliance (GDPR, HIPAA,...

| Platform | Cost | Deployment | Best For |

| Elastic SIEM | $$$ | Cloud/Self-Hosted | Multi-cloud, customization needs, DevOps teams | | Microsoft Sentinel | $$$ | Cloud (Azure) | Azure-heavy orgs, built-in SOAR, cloud-first | | Wazuh | Free | Self-Hosted | Cost-conscious, SMBs, compliance requirements | | Splunk ES | $$$$$ | Cloud/On-Prem | Large enterprises, massive scale, unlimited budget |

Configure security information and event management (SIEM) systems for threat detection, log aggregation, and compliance. Use when implementing centralized security logging, writing detection rules, or meeting audit requirements across cloud and on-premise infrastructure. Source: ancoleman/ai-design-components.

View raw