Mosaic451 has released our Log Optimization Service for anyone looking to optimize their SIEM for price and performance. Why optimize your logs, you ask? Logs are the vital data collection point for any well-run NOC or SOC, and a strategy for log collection is as important as the SIEM itself. We have saved clients thousands of dollars per month just by optimizing their logs, and over a 3-year SIEM contract that adds up. This does not mean you give up any good data, either: you make room for the important data.
Mosaic451 uses the design guides for Microsoft operating systems issued by the NSA's Information Assurance Directorate, with a focus on critical security alerting. In addition, we use a Log Noise Reduction guide we have built from our years of practical logging experience.
This is a log file review that produces final recommendations for downsizing the Splunk base license and the Splunk Enterprise Security license by de-duplicating the data needed for security alarming within the Splunk Common Information Model. We eliminate all low-value file noise from all systems being ingested into your SIEM, making room for the high-value data collection needed for quality alarming and security coverage. See the Splunk Log Optimization Service Catalog Example for what we can do for you.