There are a lot of decent threat sources out there today, and inexpensive tools that can be used to combine them with firewall data, he says.

“For someone that is low on budget, you can perform this with existing log aggregation tools, but I would not try to do this by hand,” Brazil says, who is a big proponent of security information and event monitoring (SIEM) systems.

via Five Ways To Better Hunt The Zebras In Your Network – Dark Reading.