SIEM – Why?
SIEM – Why? | ClassiDocs Unstructured Data Classification
SIEM – Why integrate?
Your SIEM tool (Splunk, Arcsight, AlienVault, others) is an important front line defence tool and one of your first steps on your action plan for activities (nefarious or not).
We feel that data classification is an important artifact that your SIEM infrastructure (or service provider) should be considering as part of the overall threat landscape. This is new. This is unique. And these are use cases that MUST be considered.
Imagine where a user reclassifies thousands of files to a lower level. Don’t you think someone should know?
We feel that data classification actions are important to track at both a high and granular level.