EDR is the data source par excellence for the SIEM, which the EDR vendors were quick to notice. Now you have the basics of a SIEM with THE MOST IMPORTANT thing: the EDR data feeding it. The XDR vendors needed time to assemble an interface and to change the storage profile to allow for either search in the pipeline (matching events as they stream in) or fast search after indexing. (Which is why I am shocked and dismayed when I see it done poorly.) Scalable search and log parsing are a commodity.

Great! Now where do I go when I already hold all of the logs in the enterprise, more cost effectively than the SIEM vendor that is collecting buckets of cash? Go GET THOSE BUCKETS!!

So, what to do? The EDR vendors offered storage and analysis for their own logs, and once they got good at that, they started offering storage of other logs to leverage their economies of scale, especially since they got pressure and questions from customers who had tried to stuff EDR logs into licenses that were too small. XDR is the new sexy term for a SIEM being sold by an EDR vendor.