New Blog Post | Modernize Log Management with the Maturity Model for Event Log Management (M-21-31)

Microsoft


Modernize Log Management with the Maturity Model for Event Log Management (M-21-31) Solution - Micro...

Managing the unknown unknowns is a continual challenge for security operations teams. How do you know when you have a monitoring blind spot, and will the threat find it before you do? Security teams must monitor and measure log health, coverage, and maturity. Too often, security teams discover these blind spots only after an attack occurs, and investigating security incidents without logs presents significant challenges. Log sources feeding primary SecOps monitoring use cases must have Service Level Agreements (SLAs) equal to or better than those of the use cases they support. For example, a SecOps monitoring use case for ransomware with a 15-minute response SLA requires log health response of 15 minutes or better, since any mismatch between the two will significantly degrade response times.
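The SLA relationship described above can be checked mechanically: map each monitoring use case to the log tables it depends on, then compare each table's silence and ingestion delay against the use case's response SLA. The following is an added example, not code from the post or from the Sentinel solution; the use cases, table names, health figures and the "ok / degraded / blind" labels are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: monitoring use cases, their response SLA, and the tables they depend on.
USE_CASES = {
    "Ransomware detection": {"sla_minutes": 15, "tables": ["SecurityEvent", "DeviceFileEvents"]},
    "Privileged sign-in anomalies": {"sla_minutes": 10, "tables": ["SigninLogs", "AuditLogs"]},
    "Endpoint malware alerts": {"sla_minutes": 30, "tables": ["SecurityAlert"]},
}

# Constructed sample: last event seen per table and observed ingestion delay in minutes.
NOW = datetime(2022, 1, 26, 12, 0, tzinfo=timezone.utc)
TABLE_HEALTH = {
    "SecurityEvent": {"last_seen": NOW - timedelta(minutes=5), "ingest_delay_min": 3},
    "DeviceFileEvents": {"last_seen": NOW - timedelta(hours=6), "ingest_delay_min": 4},
    "SigninLogs": {"last_seen": NOW - timedelta(minutes=2), "ingest_delay_min": 12},
    "SecurityAlert": {"last_seen": NOW - timedelta(minutes=1), "ingest_delay_min": 2},
    # AuditLogs is deliberately absent: a source that was never connected (an unknown unknown).
}


def assess_use_case(name, now=NOW, health=TABLE_HEALTH, use_cases=USE_CASES):
    """Return (status, findings). A table that is missing or silent longer than the
    use-case SLA makes the use case 'blind'; ingestion slower than the SLA makes it
    'degraded'; otherwise the log health SLA matches the use case and it is 'ok'."""
    uc = use_cases[name]
    sla = uc["sla_minutes"]
    findings, blind = [], False
    for table in uc["tables"]:
        h = health.get(table)
        if h is None:
            findings.append(f"{table}: no data ever received (blind spot)")
            blind = True
            continue
        age_min = (now - h["last_seen"]) / timedelta(minutes=1)
        if age_min > sla:
            findings.append(f"{table}: silent for {age_min:.0f} min, exceeds {sla} min SLA")
            blind = True
        elif h["ingest_delay_min"] > sla:
            findings.append(f"{table}: ingestion delay {h['ingest_delay_min']} min exceeds {sla} min SLA")
    if blind:
        return "blind", findings
    return ("degraded" if findings else "ok"), findings


def coverage_report(use_cases=USE_CASES):
    """Status per use case, suitable for a daily log-health review."""
    return {name: assess_use_case(name, use_cases=use_cases)[0] for name in use_cases}


if __name__ == "__main__":
    for name, status in coverage_report().items():
        print(f"{status:9} {name}: {assess_use_case(name)[1]}")
```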
