Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: January 2025.
Security Information and Event Management (SIEM) tools offer comprehensive visibility and management of an organization’s security events through real-time analysis and correlation of data from multiple sources.
SIEM solutions provide a centralized platform for managing security alerts and logs from various sources such as network devices, servers, and applications. They help identify and mitigate potential threats by analyzing event data for unusual patterns and correlations. These tools...
@Chiheb Chebbi,
I hope the below test cases are helpful.
Test 1 - Recon: Password Spraying
Test 2 - Privilege Escalation (windows): Powershell Dropper Attacks
Test 3 - Lateral Movement: PsExec
Test 4 - Privilege Escalation (Linux): Failed Sudo
Test 5 - Malicious Code Execution: Eicar Malware Test File
Some examples
https://drertugrulakbas.medium...
As a rule, a SIEM correlation should:
1) Reduce events by 99.99% - raw events to correlations
2) Impact system performance by <1%
3) Produce Correlated Threats with >35% true positive rate on investigation
- 33% are usually false positives or misconfigurations (not real threats)
- 33% are usually unexplained, root cause not discernable
4) Result in <10% false negatives (missed threats)