Can You Hear Me Now?
Submitted by Ted Ritter on Wed, 2008-06-11 17:26.

My dad just got new hearing aids. They are very cool with the ability to change the sensitivity based on the situation. For example, in a restaurant there is one setting that will cut out low and high frequency noise and amplify the frequency range associated with human voice. There is another setting for a quiet room where all frequencies are amplified with equal volume. There are a few other settings and of course there’s the setting associated with not listening to me babble: the off button!
What the devices are doing is adjusting sound based on signal-to-noise ratios (S/N) with specific frequency management. The same issues apply to processing SIEM/log management information. There are times when the S/N ratio is low so the filters need to be tuned to clip the high frequency (nuisance events) and the low frequency (insignificant events) while focusing on the mid-range (events with a high probability of being significant). At other times – like sitting in a quiet room listening to classical music – the S/N ratio is high so the sensitivity can be turned down so that only events that pass a higher threshold are processed. The challenge comes when the environment doesn’t match the settings; for example, a noisy restaurant with a piano playing or a high frequency of events where the low frequency (one failed logon) might be significant.
Our brains (with functional ears) have the ability to dynamically adjust the gain control and adjust frequency sensitivity in real time based on input from our other senses and our past experiences. The same capability is needed in SIEM/log management where, rather than having a gain control setting with 3 positions, we need a continuous gain control where the filter can be adjusted based on the operator's senses (knowledge of the architecture and environment) and his/her experiences. This is where IT Search can be used to better support SIEM/log management by pumping up the volume when needed, and only when needed.

