Security monitoring best practices
Security monitoring and SIEM tools help both detect and prevent serious threats against your estate, help ensure your organization complies with its regulations and requirements, and give measurable insight into where your security posture can improve.
For systems like these, we want to collect as much information as we can, from both a technical and a legal or regulatory perspective, so that we get the highest level of visibility, aggregate it in one place, and derive meaningful insights from the activity in our estate. This could include network device and server logs, Active Directory/IAM logs, vulnerability scanner and configuration management tool metrics, and so on.
Additionally, it is important to build redundancy into this aggregated data and treat it as you would any other critical data, mitigating the risk with backup and recovery strategies that align with your information security policies...
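As an added illustration of the two points above (aggregating the named source types into one schema so they can be correlated, and keeping a verifiable backup of the aggregated data), here is a small Python sketch. It is not code from the original page or any SIEM product; the syslog line, Windows event and scanner finding are constructed samples, and the field names and functions are assumptions chosen for the example.

```python
import hashlib
import json
import re

# Constructed sample records, one per source type the text names (not real data).
SYSLOG_LINE = "Jun 12 10:01:07 fw01 sshd[2311]: Failed password for admin from 203.0.113.5 port 51022 ssh2"
AD_EVENT = {"EventID": 4625, "Computer": "dc01.corp.local", "TargetUserName": "admin", "IpAddress": "203.0.113.5"}
VULN_FINDING = {"host": "fw01", "plugin": "ssh-weak-kex", "severity": "medium"}

SYSLOG_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) (?P<proc>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")


def normalize(source, raw):
    """Map one source-specific record onto a common schema (assumed field names) so feeds can be correlated."""
    if source == "syslog":
        m = SYSLOG_RE.match(raw)
        if not m:
            raise ValueError("unparseable syslog line")
        user = re.search(r"for (\S+) from", m["msg"])
        ip = re.search(r"from (\d+(?:\.\d+){3})", m["msg"])
        kind = "auth_failure" if "Failed password" in m["msg"] else "other"
        return {"host": m["host"].split(".")[0], "user": user and user[1], "src_ip": ip and ip[1], "kind": kind, "source": source}
    if source == "ad":
        kind = "auth_failure" if raw["EventID"] == 4625 else "other"  # 4625: Windows logon failure
        return {"host": raw["Computer"].split(".")[0], "user": raw["TargetUserName"], "src_ip": raw["IpAddress"], "kind": kind, "source": source}
    if source == "vuln":
        return {"host": raw["host"], "user": None, "src_ip": None, "kind": "vuln:" + raw["severity"], "source": source}
    raise ValueError(f"unknown source {source}")


def correlate(events):
    """Group hosts by the source IP that failed to authenticate against them.
    One IP spread across several systems is the kind of insight only cross-source aggregation shows."""
    hits = {}
    for e in events:
        if e["kind"] == "auth_failure" and e["src_ip"]:
            hits.setdefault(e["src_ip"], set()).add(e["host"])
    return {ip: sorted(hosts) for ip, hosts in hits.items()}


def snapshot(events):
    """Serialise the aggregated events deterministically and return (bytes, sha256) for a backup copy."""
    payload = json.dumps(events, sort_keys=True).encode()
    return payload, hashlib.sha256(payload).hexdigest()


def verify_snapshot(payload, expected_digest):
    """Return True only when a restored copy matches the digest recorded at backup time."""
    return hashlib.sha256(payload).hexdigest() == expected_digest


if __name__ == "__main__":
    evts = [normalize("syslog", SYSLOG_LINE), normalize("ad", AD_EVENT), normalize("vuln", VULN_FINDING)]
    print(correlate(evts))  # {'203.0.113.5': ['dc01', 'fw01']}
```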