Every SIEM deployment hits the same wall: logs cost money to ingest and store, but not all logs earn their keep. Some sources flood the system with noise that never produces a useful detection; others are quietly invaluable. The discipline of knowing which is which is where SIEM economics actually live.
JPMorgan Chase Bank, N.A.'s US11126711B2, “System and method for implementing a log source value tool for security information event management” (issued September 21, 2021; CPC G06F 21/552 — detecting malicious activity, and H04L 63/1425 — monitoring traffic for anomalies), describes a tool that assesses the value of each log source feeding the SIEM. Read it at US11126711B2.
Mechanically, the value tool scores log sources on their contribution to actual detections and investigations, so an operator can prune dead weight and prioritize the feeds that matter. This is the unglamorous plumbing that determines whether a SIEM bill is justified — it is cost control disguised as security tooling.
Why this is a business story: SIEM pricing is famously volume-based — Splunk's by-the-gigabyte model became the cautionary tale that pushed the whole sector toward usage and outcome-based pricing. A patent from a bank, not a vendor, on measuring log-source value is a signal of how acutely large buyers feel ingest cost. The economics of the SIEM market — and the rise of cheaper data-lake alternatives — turn on exactly this question of which logs are worth paying to keep.
The grounded read: SIEM value is decided by log-source selection, and measuring that value is a cost-control problem as much as a security one. JPMorgan's 2021 grant names a tool for scoring log-source value — a buyer's-eye view of where SIEM money actually goes.