Centralizing alerting from multiple devices and speeding up incident response are just some of the critical issues solved by investing in SIEM technology (more on choosing the best SIEM for your environment HERE).
There are many SIEM vendors; however, I continue to be impressed by what Splunk is doing with its open source apps, showcased HERE with a Cisco management app that can correlate events from various security products such as Cisco ISE, WSA, firewalls, Sourcefire and so on. There isn’t a Cisco manager of managers, so doing things like running a report on high-level events against any security product for a particular IP address can only be accomplished by a SIEM solution.
The Splunk team just launched a YouTube channel featuring videos on how to use, install and get value from their solution. Some of the videos are marketing focused, but there are many technical guides I found useful. Check it out at https://www.youtube.com/user/splunkvideos or HERE.
Other YouTube channels to consider are:
- https://www.youtube.com/user/Cisco
- https://www.youtube.com/user/ciscosecurity2011
- https://www.youtube.com/user/ciscosupportchannel
- https://www.youtube.com/user/SourcefireInc
- https://www.youtube.com/user/meraki
- https://www.youtube.com/user/BlackHatOfficialYT
- https://www.youtube.com/user/DEFCONConference
- https://www.youtube.com/user/ISC2TV