EP184 One Week SIEM Migration: Fact or Fiction?
Aug 05, 2024•25 min•Season 1Ep. 184
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Guest:
- Manan Doshi, Senior Security Engineer @ Etsy
Questions:
- In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them?
- Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go?
- Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures?
- How did you handle detection content during migration? Was AI involved?
- How did you test for this: “Which platform will best enable our engineering team to build what we need?”
- Tell us more about the Detection as Code pipeline you use?
- “Completed SIEM migration in a single week!” Is this for real?
Resources:
- Google Cloud Security Summit (August 20, 2024) and “Etsy and the art of SIEM Migration” presentation
- “Ancillary Justice” book
- StreamAlert
- SIEM migration blog (spicy version / vanilla version / long detailed version)
- Can We Have “Detection as Code”?
- Google SecOps
- EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast