
Sunday, January 30, 2011

Book Review - Security Information and Event Management (SIEM) Implementation

In short – if you have been “doing” SIEM for any length of time, you probably won’t get a whole lot out of this book. Conversely, if you are starting to venture down the SIEM path, you might want to pick it up.

I first read about this book on Dr. Anton Chuvakin’s blog. Even though his review was less than stellar, he did give it 4 stars (I'd give it 2.5). Similarly, although the book’s title includes “implementation” and I have been using ArcSight for a little over two years now, I figured I would give it a shot. I was hopeful…and ended up sort of disappointed. Don’t get me wrong; I appreciate the time and effort the authors put into the book. There really isn’t a whole lot of SIEM-type information “out there”, which is one of the main reasons I started my own SIEM-esque blog. I think this book has the most value if you haven’t bought a SIEM through 3 or 4 months into your SIEM deployment, as a way to level-set the conversation (though the first part of the book is very basic).