Which method minimizes resource usage on individual systems while maintaining effective data collection for a SIEM deployment?

Study for the Domain 4.0 Security Operations Test. Prepare with multiple choice questions, all with hints and explanations. Get ready to ace your exam!

Implementing an agentless collection method minimizes resource usage on individual systems because it does not require installing, patching, or updating a software agent on each monitored host. The hosts simply emit or answer for the data they already produce (logs, counters, event records), and the work of collecting, parsing, and storing it moves to a central collector. The monitored system still spends a small amount of CPU answering a query or forwarding a log line, but it carries none of the resident footprint or lifecycle management that an agent brings.

With agentless collection, the data is gathered over the network from sources such as network devices, servers, and other endpoints, either pushed by the source (syslog forwarding) or pulled by the collector (SNMP polling, WMI or WinRM queries against Windows hosts). This centralizes the collection pipeline, reducing the computational load and local storage requirements on individual devices, which is particularly beneficial in environments with many systems. Two practical caveats follow from the design: a pull-based collector needs credentials that can query every host, so that account should be scoped to read-only log or WMI access rather than a domain administrator; and plain UDP syslog is unauthenticated, so the collector should record the packet's source address and check it against its inventory rather than trusting the hostname written inside the message.
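To make the agentless model concrete, here is an added example (written for this page, not code from the original question or from any SIEM product) of the collector side: a small Python program that receives syslog datagrams over UDP and normalizes RFC 3164 and RFC 5424 messages into SIEM-style events. Syslog is assumed here as the transport, alongside the SNMP and WMI the text names; the hostnames, source IPs, sample messages, and the `TRUSTED_SENDERS` inventory are constructed for the example. It also implements the integrity check mentioned above: each event keeps the claimed hostname and the observed source IP separately and flags senders that do not match the inventory.

```python
"""Agentless log collection over syslog: parse RFC 3164 and RFC 5424 lines
into normalized SIEM events. Added example; not part of the original page."""
import re
import socket

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Hypothetical inventory (constructed): each monitored host's syslog name and
# the IP it sends from. UDP syslog carries no authentication, so the hostname
# inside a message is whatever the sender chose to write; comparing the
# packet's source IP against inventory is the cheapest agentless integrity
# check short of moving to TLS syslog (RFC 5425).
TRUSTED_SENDERS = {"mymachine": "192.0.2.10", "fw01.example.net": "192.0.2.1"}

# BSD syslog: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<app>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)
# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)


def decode_pri(pri: int):
    """Split PRI into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri >> 3, pri & 7


def parse(line: str, source_ip: str) -> dict:
    """Normalize one syslog line received from source_ip into an event dict."""
    m = RFC5424.match(line) or RFC3164.match(line)
    if m is None:
        raise ValueError(f"unrecognized syslog line: {line[:40]!r}")
    f = m.groupdict()
    facility, severity = decode_pri(int(f["pri"]))
    pid, host = f.get("pid"), f["host"]
    return {
        "format": "rfc5424" if "msgid" in f else "rfc3164",
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "timestamp": f["ts"],        # kept as sent; 3164 has no year or zone
        "hostname": host,            # claimed by the sender, not verified
        "source_ip": source_ip,      # observed on the wire by the collector
        "sender_verified": TRUSTED_SENDERS.get(host) == source_ip,
        "app": f["app"],
        "pid": int(pid) if pid and pid.isdigit() else None,  # "-" means none
        "msgid": f.get("msgid"),
        "structured_data": f.get("sd") if f.get("sd") != "-" else None,
        "message": f["msg"] or "",
    }


def collect(datagrams):
    """Parse (source_ip, line) pairs. Malformed lines are kept as raw events
    rather than dropped, so nothing silently disappears from the SIEM."""
    events = []
    for source_ip, line in datagrams:
        try:
            events.append(parse(line, source_ip))
        except ValueError as exc:
            events.append({"format": "raw", "source_ip": source_ip, "message": line,
                           "parse_error": str(exc), "sender_verified": False})
    return events


def serve_udp(bind="127.0.0.1", port=5514, handler=print):
    """Minimal UDP syslog listener (514 needs root; 5514 does not)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (src, _) = sock.recvfrom(8192)
            handler(collect([(src, data.decode("utf-8", "replace").rstrip("\n"))])[0])


# Constructed sample datagrams: (source IP seen by the collector, payload).
SAMPLE = [
    ("192.0.2.10", "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"),
    ("192.0.2.10", "<38>Oct 11 22:14:16 mymachine sshd[4711]: Failed password for invalid user admin from 203.0.113.9 port 55442 ssh2"),
    ("192.0.2.1", '<165>1 2023-10-11T22:14:15.003Z fw01.example.net evntslog 1234 ID47 [exampleSDID@32473 iut="3" eventSource="Application"] An application event log entry'),
    # Claims to be "mymachine" but arrives from an address not in inventory.
    ("203.0.113.50", "<86>Oct 11 22:14:17 mymachine sshd[4712]: Accepted password for root from 203.0.113.50 port 55443 ssh2"),
]

if __name__ == "__main__":
    for ev in collect(SAMPLE):
        print(ev["source_ip"], ev.get("hostname"), ev.get("severity_name"),
              "verified" if ev["sender_verified"] else "UNVERIFIED", ev["message"][:40])
```

Run as a script it parses the constructed sample and prints the fourth event as UNVERIFIED; calling `serve_udp()` instead turns it into a live listener you can point a host's syslog forwarder at (`logger -n 127.0.0.1 -P 5514 test` on Linux). Nothing runs on the monitored hosts beyond the syslog daemon they already have, which is the whole point of the agentless approach; the cost is that the collector sees only what those daemons choose to emit.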

In contrast, agent-based collection increases resource usage on every host, since each agent consumes CPU, memory, and disk on the system it is installed on and must itself be deployed, patched, and kept running; the trade-off is that an agent can see host-level telemetry (process activity, file changes, local event logs) that no remote protocol exposes. Network-based monitoring (taps, span ports, flow records) places no load on the hosts at all, but it observes only traffic, so it cannot supply the host-level events such as authentication logs or service errors that a SIEM needs, which is where agentless collection from the hosts themselves fills the gap. Manual log inspection is labor-intensive and impractical for real-time monitoring, making it unsuitable for the comprehensive, continuous data collection a SIEM (Security Information and Event Management) platform depends on.

Therefore, when the goal is to minimize the impact on individual systems while still collecting host-level data, the agentless collection method strikes the best balance between efficient data gathering and minimal per-host resource cost, making it the correct choice for this SIEM deployment scenario.
