siem-logginglisted

Configure security information and event management (SIEM) systems for threat detection, log aggregation, and compliance. Use when implementing centralized security logging, writing detection rules, or meeting audit requirements across cloud and on-premise infrastructure.
ancoleman/ai-design-components · ★ 368 · DevOps & Infrastructure · score 80

Install: claude install-skill ancoleman/ai-design-components

# SIEM Logging ## Purpose Configure comprehensive security logging infrastructure using SIEM platforms (Elastic SIEM, Microsoft Sentinel, Wazuh, Splunk) to detect threats, investigate incidents, and maintain compliance audit trails. This skill covers platform selection, log aggregation architecture, detection rule development (SIGMA format and platform-specific), alert tuning, and retention policies for regulatory compliance (GDPR, HIPAA, PCI DSS, SOC 2). ## When to Use This Skill Use this skill when: - Implementing centralized security event monitoring across infrastructure - Writing threat detection rules for authentication failures, privilege escalation, data exfiltration - Designing log aggregation for multi-cloud environments (AWS, Azure, GCP, Kubernetes) - Meeting compliance requirements for log retention and audit trails - Tuning security alerts to reduce false positives and alert fatigue - Calculating costs for high-volume security logging (TB/day scale) - Integrating security logging with incident response workflows ## SIEM Platform Selection ### Quick Decision Framework Choose SIEM platform based on: **Budget Considerations:** - **Unlimited budget** → Splunk Enterprise Security (enterprise features, proven scale) - **Moderate budget** ($50k-$500k/year) → Microsoft Sentinel or Elastic SIEM (cloud-native, flexible) - **Tight budget** (<$50k/year) → Wazuh (free, open-source XDR/SIEM) **Infrastructure Context:** - **Heavy Azure investment** → Microsoft Sentine