The Monster Named Platformization
When I started specializing in SIEM systems as a consultant less than ten years ago, there were a few authoritative SIEM products on the market, operated on their own servers by the large organizations that used them:
- Splunk Enterprise (or Enterprise Security)
- ArcSight
- IBM QRadar
Other solutions existed; among others, Elastic’s full-fledged SIEM solution (as an add-on module on the Elastic or ELK stack) was emerging at that time.
Since then, an astonishing amount has happened in this market. In my perception, the three most important products are now the following:
New paint and expensive mistakes
I’ve actually had the old VW bus for almost a year now. High time for an update here, what else do I have this blog for!
The short version: I repainted the cargo area floor and learned a lot about painting in the process – conveniently on a component that would be covered up again anyway. I broke a spark plug, which was a truly avoidable and very expensive mistake. And: The bus now has a bed, so my wife, dog, and I could spend the night in it for the first time. I also initiated a T3 regulars’ table in Mainz.
Wasps in a car
Remember that Vanagon I bought recently? How I wrote about something probably being stuck in the ventilator in the roof? Today, I unscrewed the inside lid used to open and close it so that I could look inside. And promptly found several little wasps’ nests.