Building an effective SIEM requires ingesting log messages and parsing them into useful information. While it might be easy to stream, push and pull logs from every system, device and application in your environment, that doesn’t necessarily improve your security detection capabilities. What you do with your logs – correlation, alerting and automated response – are the strength of a SIEM. Real-time security starts with understanding, parsing and developing actionable information and events from your log messages.

With the launch of a new site, (ISC)² was presented an opportunity to refine our security monitoring services. Linked below is an example of how we improved visibility on attacks against our web properties via web application firewall logs. We hope this brief technical example assists any organizations with similar needs.

– Michael McIntyre, CCSP, CISSP, SSCP
Security Engineer, (ISC)²

F5 WAF Syslog Parser