Security monitoring is a vast topic, and it can be daunting to begin with; you may well ask yourself, “where do I start?”
Over the last two years as a Splunk consultant, I have gained a lot of insight into the world of security monitoring, and this post will give some structure to what you can do to get started. You don’t have to run through all the steps, as some small and medium-sized organisations cannot afford to do all of them, so pick and choose the ones that you think are feasible and run through the process.
A security monitoring project can take anything from one week to years, depending on the size of the organisation and its requirements, but this approach should give you some guidance on the steps you need to take, and over time you will have a mature and successful solution. Good luck!