Security Information and Event Management (SIEM)

Just starting to sink my teeth into Security Information and Event Management (SIEM). Never thought I’d like building the haystack before I started looking for the needle. There is quite a lot of information logged about some simple events that I thought would only touch one system. It is interesting to see all the things that happen under the hood and all the possible correlations you can draw when you finally take a look. I don’t even have all the infrastructure on the network dumping log files into the SIEM, yet the screen flashes by. Hoping to put into practice some of the information that gets discussed when RSA comes by to do demos. This is intriguing and enjoyable. I always love new puzzles.

Author: Logan Bingham

Designing IT solutions for 20 years.
