siem
Safeguard articles tagged "siem" — guides, analysis, and best practices for software supply chain and application security.
15 articles
Piping security findings into your observability stack
OCSF just cleared ITU review for ratification by June 2026 — here's how to route vulnerability and scan data into Datadog or New Relic without drowning your on-call rotation.
What Are Security Logging and Monitoring Failures
Equifax went undetected for 76 days, Marriott for four years. Here's what security logging and monitoring failures are, why they happen, and how to close the gap.
What is SIEM
SIEM explained: how it works, what data feeds it, how it differs from SOAR/XDR, and where reachability-based supply chain security fills its blind spots.
What is SOAR
SOAR explained: what Security Orchestration, Automation, and Response actually does, how it differs from SIEM, and where it fits in supply chain security.
How to set up centralized logging with the ELK stack
A hands-on guide to setting up ELK stack centralized logging: installing Elasticsearch, Logstash, and Kibana, shipping logs with Beats, and building SIEM-style alerts.
How to configure SIEM alerting rules
A step-by-step guide to configure SIEM alerting rules: from use case development through Splunk alert configuration to detection rule tuning.
MITRE ATT&CK v18: Detection Strategies Replace Data Sources
ATT&CK v18 released October 28, 2025, replacing traditional Detections (Data Sources) with Detection Strategies and Analytics. Here is how the model changes for defenders.
Azure Sentinel for Supply Chain Detection
Sentinel has everything it needs to detect supply chain attacks in Azure — but only if the analytics rules are tuned to what those attacks actually look like.
GCP Security Command Center Integration
An industry-level look at integrating GCP Security Command Center with the rest of the security stack: which findings are signal, which are noise, and how to route the output so it actually gets actioned.
Panther SIEM Supply Chain Rules: A Detection Engineering Playbook
Write Panther Python detections that catch package poisoning, CI token abuse, and registry compromise. Real rule examples, tuning patterns, and alert routing.
Elastic Security Supply Chain Signals
How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.
Sumo Logic for Supply Chain Observability: A Practitioner's Guide
Architect Sumo Logic dashboards, queries, and anomaly detection for software supply chain visibility across SCM, CI/CD, registries, and cloud runtime.