EP44 Evolving a SIEM for the Future While Learning from the Past

Cloud Security Podcast by Google

How Much Data Do You Want to Keep for Detection?

With security being at such a premium, you really should be focusing spending most of your time doing security work. This actually makes sense, and to me this is what people often forget because they see the glamour of open source. As far as data retention, I've lived through PCI DSS years, which kind of pointed to first 90 days in a year. We have some people who want a year just because it's a run-around number. How much data do you want to keep for detection, for response, for hunting?
