So I’m still pretty terrible at markdown.
I expect this is really a draft post that will be mangled into something worth sharing at a later date. Today it’s really just an itch I’ve been meaning to scratch.
Specifically why do people continue to think that SEIM is for primarily for security and not for operations? While it’s exciting to think of a cat and mouse game with a hacker being won through the use of a sexy security dashboard, the reality is much more likely to be the preservation of existing business data because someone noticed a slower drive - using a SEIM tool.