siem-logging

Configure comprehensive security logging infrastructure using SIEM platforms (Elastic SIEM, Microsoft Sentinel, Wazuh, Splunk) to detect threats, investigate incidents, and maintain compliance audit trails. This skill covers platform selection, log aggregation architecture, detection rule development (SIGMA format and platform-specific), alert tuning, and retention policies for regulatory compliance (GDPR, HIPAA,...

| Platform | Cost | Deployment | Best For |

| Elastic SIEM | $$$ | Cloud/Self-Hosted | Multi-cloud, customization needs, DevOps teams | | Microsoft Sentinel | $$$ | Cloud (Azure) | Azure-heavy orgs, built-in SOAR, cloud-first | | Wazuh | Free | Self-Hosted | Cost-conscious, SMBs, compliance requirements | | Splunk ES | $$$$$ | Cloud/On-Prem | Large enterprises, massive scale, unlimited budget |

Configura i sistemi SIEM (Security Information and Event Management) per il rilevamento delle minacce, l'aggregazione dei log e la conformità. Da utilizzare quando si implementa la registrazione di sicurezza centralizzata, si scrivono regole di rilevamento o si soddisfano i requisiti di controllo nell'infrastruttura cloud e on-premise. Fonte: ancoleman/ai-design-components.