Here is how you can make the SIEM PoC effective:
1) List the existing issues that need to be resolved
2) List the potential issues that could arise
3) Ask for use case implementation for #1 and #2
4) Observe the effectiveness of the solution in your environment
5) Observe the usability, scalability and feature set being offered
6) Observe the skill level of the service provider / vendor
7) Grade based on #3, #4, #5, #6
Additionally, you may ask the following questions to your vendor to warm them up a little:
1) How long would it take to go from installation to actual threat or security insights?
2) Are dedicated team members or consultants needed to keep the solution up and interoperable?
3) Does the proposed solution provide alerts and step-by-step remediation?
4) What if we don't have the technologies in place that are needed to feed the SIEM?