On October 25, 2010, McGraw-Hill published a new book by David Miller, Shon Harris and others, "Security Information and Event Management (SIEM) Implementation", which is arguably the first book devoted specifically to SIEM.
Description:
Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.

The book is divided into three parts. The first explains why SIEM is needed, focusing on requirements analysis for SIEM and laying out several requirement-driven models. The second covers the functional design of a SIEM system, focusing on how the core functions are implemented. The third describes the design and working principles of several SIEM products on the market, both open source and commercial.

For SIEM practitioners in China, this book has some reference value. For technical staff on the customer side, it also offers a way to understand what SIEM is, what it does and why it matters, and to form reasonable expectations about the results SIEM can deliver in practice.