siem-logging

SKILL.md

Configure comprehensive security logging infrastructure using SIEM platforms (Elastic SIEM, Microsoft Sentinel, Wazuh, Splunk) to detect threats, investigate incidents, and maintain compliance audit trails. This skill covers platform selection, log aggregation architecture, detection rule development (SIGMA format and platform-specific), alert tuning, and retention policies for regulatory compliance (GDPR, HIPAA,...

| Platform | Cost | Deployment | Best For |

| Elastic SIEM | $$$ | Cloud/Self-Hosted | Multi-cloud, customization needs, DevOps teams | | Microsoft Sentinel | $$$ | Cloud (Azure) | Azure-heavy orgs, built-in SOAR, cloud-first | | Wazuh | Free | Self-Hosted | Cost-conscious, SMBs, compliance requirements | | Splunk ES | $$$$$ | Cloud/On-Prem | Large enterprises, massive scale, unlimited budget |

Configure sistemas de gestión de eventos e información de seguridad (SIEM) para la detección de amenazas, la agregación de registros y el cumplimiento. Úselo al implementar registros de seguridad centralizados, escribir reglas de detección o cumplir con requisitos de auditoría en la infraestructura local y en la nube. Fuente: ancoleman/ai-design-components.

Ver original