Badges

20 Points
5 Years

User Activity

Almost 4 years ago
Neither, or both. Having done literally thousands of SIEM deployments, I can tell you from experience that the technology choice isn't the most important choice. The critical choice is in the resources and commitment to manage and use the system. I've seen countless SIEM…
Almost 4 years ago
Event correlation is an analytical process that looks for trends, patterns, thresholds, or sequences of events in your data, even when they are not the same event type (e.g., a VPN authentication event followed by a door badge access event in a different location). There…
Almost 4 years ago
CloudWatch is great, but it's not enough on its own. CloudWatch provides some limited alerting capabilities, but this is nothing like a true correlation engine or behavioral anomaly detection engine. You really need to feed your CloudWatch data into a SIEM or UEBA to get…
Almost 4 years ago
CloudTrail logs are an excellent and necessary way to monitor activity in your AWS environment. They are the "under-the-hood" audit logs much like OS audit data, but covering the entire cloud infrastructure. This could include things like new compute instances created…