performing-log-source-onboarding-in-siem

Perform structured log source onboarding into SIEM platforms by configuring collectors, parsers, normalization, and validation for complete security visibility.

AI & Automation 16,326 stars 1981 forks Updated 2 weeks ago Apache-2.0

Quality Score: 97/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 90 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Performing Log Source Onboarding in SIEM

## Overview

Log source onboarding is the systematic process of integrating new data sources into a SIEM platform to enable security monitoring and detection. Proper onboarding requires planning data sources, configuring collection agents, building parsers, normalizing fields to a common schema, and validating data quality. According to the UK NCSC, onboarding should prioritize log sources that provide the highest security value relative to their ingestion cost.

## When to Use

- When conducting security assessments that involve performing log source onboarding in SIEM
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- SIEM platform deployed (Splunk, Elastic, Sentinel, QRadar, or similar)
- Network access from source systems to SIEM collectors
- Administrative access on source systems for agent installation
- Common Information Model (CIM) or equivalent schema documentation
- Change management approval for production system modifications

## Log Source Priority Framework

### Tier 1 - Critical (Onboard First)

| Source | Log Type | Security Value |
|---|---|---|
| Active Directory | Security Event Logs | Authentication, privilege escalation |
| Firewalls | Traffic logs | Network access, C2 detection |
| EDR/AV | Endpoint alerts | Malware, process execution |
| ...

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: 2 weeks ago
- Language: Python
- License: Apache-2.0
