Filip Mikuš
Sign in to Autumn ITAPA 2024
Teach your SIEM (Security Information and Event Management) "good behaviour"
As the centralized view of IT systems becomes more and more popular in IT infrastructures, the need to implement and secure multiple security tools in the system is growing. SIEM allows users to perform effective surveillance and accelerate the detection and resolution of security incidents. Unfortunately, after implementation, SIEM is from time to time perceived as a preloaded log collector and a burden for administrators. This presentation will provide useful tips and tricks, based on real-life experience, on how to proceed with the deployment of SIEM to most effectively enhance the security of the systems.