
Dashboards

So you got your logs ingested... great!

Now what??

This is the end of the road for most SIEMs. Just some silly dashboard named Firewall is not enough for discovering hidden insights in your network.

You are left alone at this point. Analyzing the data is up to you; it is all your responsibility.

Where to start? What direction to take? What path to follow? Not trivial.

First, you need to understand your data.

What fields does it have?

How is it structured?

What information does it provide?

You also need to answer the most important question for yourself.

What is your intent?

What questions are you trying to answer?

How do you want to use your data?

Finally, you need some core values to guide you through the process.

Join us on our journey into the rabbit hole of network logs analysis!!!

Happy threat hunting! 🕵️‍♂️🔍