[Blind-sysadmins] Advice on SIEM management