Advice on SIEM management

Hi all,

I trust you are well. Do any of you on the list manage the SIEM for your organization? I've been offered a job to set up a SIEM from scratch, and the software that would be used is Log360 by ManageEngine. I am very new to this, and if you have any advice or tips, it would be much appreciated. Not sure if this is a job I'd want to go into if it wouldn't be accessible. Of course training and certification would be provided, but what I'd like to know is, is this worth a job from an accessible standpoint? I know I struggled to read logs from the Event Viewer, as an example, with screen readers in the past, and I'm just a bit weary when it comes to log analysis from various devices etc.

I don't mind reading logs if I have to troubleshoot a specific issue, but having to deal with logs as a primary function of the job I may take could be frustrating, I think. Not meaning to complain, but what I find very frustrating with logs is that I have to hear the time and date and then the actual text of the log. Would there be any way to just be able to filter the text and then, if say something interesting was found, look at the dates and times?

Help/advice would be much appreciated.

Kind Regards

Greetings,

I am essentially the CISO for county government where I work. I implemented ManageEngine's ServiceDesk Plus and for the most part you can do just about everything. Some of their other applications are not as good accessibility-wise. I've never used their product. I purchased FortiSIEM from Fortinet Networks and it does everything I want it to.

Windows logs are a pain for sure. The best way to do them is to try and filter out results as much as you can. There are tools out there that will send the information via SYSLOG. I haven't had the time to experiment with them lately, but when I tried several years ago, I wasn't able to find one that I could configure with JAWS.

If you haven't already, download the demo from ManageEngine and give it a try. If I can be of any other assistance, please feel free to ask.

Best,
Billy

-----Original Message-----
From: Zameer via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org>
Sent: Sunday, February 9, 2025 6:11 AM
To: 'Mailing list for blind system administrators' <blind-sysadmins@lists.hodgsonfamily.org>
Cc: Zameer <core7xx@gmail.com>
Subject: [Blind-sysadmins] Advice on SIEM management
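One way to get the text-first view asked about in this thread, shown as an added example that is not part of either message and is not a Log360 or FortiSIEM feature. It assumes the logs have been exported or forwarded as plain syslog-style text lines; the names `split_line`, `text_first` and `render` are hypothetical and the sample lines are constructed.

```python
import re

# Leading timestamp in RFC 3164 ("Feb  9 06:11:02") or RFC 5424/ISO 8601 form,
# with an optional <PRI> prefix and RFC 5424 version digit in front of it.
TS = re.compile(
    r"^(?:<\d{1,3}>)?(?:\d\s)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}"
    r"|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})?)\s+"
    r"(?P<rest>.*)$"
)

def split_line(line):
    """Return (timestamp, text); timestamp is '' when none is recognised."""
    m = TS.match(line.strip())
    return (m.group("ts"), m.group("rest")) if m else ("", line.strip())

def text_first(lines, pattern, ignore_case=True):
    """Filter on the message text only and group repeated messages.
    Returns [(text, [timestamps])] in first-seen order, so a screen reader
    announces each message once and the times only when asked for.
    """
    rx = re.compile(pattern, re.I if ignore_case else 0)
    groups = {}  # dicts keep insertion order (Python 3.7+)
    for line in lines:
        ts, text = split_line(line)
        if text and rx.search(text):
            groups.setdefault(text, []).append(ts)
    return list(groups.items())

def render(groups, show_times=False):
    """Message text first; the repeat count and times trail it or are omitted."""
    out = []
    for text, stamps in groups:
        entry = f"{text} ({len(stamps)} times)" if len(stamps) > 1 else text
        if show_times:
            entry += " at " + ", ".join(s or "unknown time" for s in stamps)
        out.append(entry)
    return out

# Constructed sample lines, not taken from any real system.
SAMPLE = [
    "<38>Feb  9 06:11:02 fw01 sshd[811]: Failed password for root from 192.0.2.10",
    "<38>Feb  9 06:11:05 fw01 sshd[811]: Failed password for root from 192.0.2.10",
    "<30>1 2025-02-09T06:12:00Z app01 cron 42 - - job finished",
    "<34>1 2025-02-09T06:13:30.120+02:00 dc01 audit 7 - - Account locked out: jdoe",
]

if __name__ == "__main__":
    print("\n".join(render(text_first(SAMPLE, r"failed|locked"), show_times=True)))
```

Calling `render` with `show_times=False` gives the short listing to skim first; rerun it with `show_times=True` on the entries that turn out to be interesting.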
Participants (2): Billy Irwin, Zameer