04-18-2024 06:52 PM
Any thoughts on recommended logs that should be sent to QRadar SIEM?
What subscriptions should be configured?
04-18-2024 07:10 PM
04-19-2024 02:43 AM
What's your remit and what's your budget allowance?
We log every log subscription (unless it's an unused feature) and also collect data via SSH/HTTPS connections.
Ran out of budget on the LDAP logs, and really needed them the other day to analyse a strange stall in rewrite queries but not accept queries.
Single Log Line is OK on a basic level, and should allow filtering out log lines from other subscriptions.
Better off with a custom log consolidator + generate other metrics + log what you don't purposely filter out.
Depends on what you are analysing / detecting.
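As an added illustration (not code from this thread or from the appliance vendor) of the "custom log consolidator + metrics" approach above: it drops lines from subscriptions you don't want forwarded, keeps the rest for the SIEM, and derives per-query-type counters from LDAP lines so that a stall in rewrite queries is visible separately from accept queries. The line format and the sample lines are constructed assumptions; real subscription formats differ.

```python
"""Minimal log consolidator: filter by subscription, derive metrics."""
import re
from collections import Counter

# Constructed sample lines (assumed format "<timestamp> <subscription>: <message>").
# Real appliance subscriptions use their own formats; adapt LINE_RE accordingly.
SAMPLE_LINES = [
    "2024-04-18T18:52:01 mail_logs: MID 1001 accepted from 203.0.113.5",
    "2024-04-18T18:52:02 ldap: accept query for a@example.test took 12ms",
    "2024-04-18T18:52:02 ldap: rewrite query for a@example.test took 9800ms",
    "2024-04-18T18:52:03 gui_logs: admin logged in from 198.51.100.7",
    "2024-04-18T18:52:04 ldap: rewrite query for b@example.test took 10200ms",
    "2024-04-18T18:52:05 ldap: accept query for c@example.test took 15ms",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<sub>[a-z_]+): (?P<msg>.*)$")
LDAP_RE = re.compile(r"(?P<kind>accept|rewrite) query .* took (?P<ms>\d+)ms")


def parse(line):
    """Split one line into timestamp, subscription and message; None if unparsable."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def consolidate(lines, drop_subscriptions=frozenset({"gui_logs"}), slow_ms=5000):
    """Return (kept records, metrics).

    Lines from dropped subscriptions are excluded from forwarding. LDAP lines
    feed per-query-type counters, so a stall in one query type (e.g. rewrite)
    stands out even when the other type (accept) is healthy.
    """
    kept, metrics = [], Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            metrics["unparsed"] += 1      # keep a count so silent format drift is noticed
            continue
        if rec["sub"] in drop_subscriptions:
            metrics["dropped"] += 1
            continue
        kept.append(rec)
        if rec["sub"] == "ldap":
            q = LDAP_RE.search(rec["msg"])
            if q:
                metrics[f"ldap_{q['kind']}_total"] += 1
                if int(q["ms"]) >= slow_ms:
                    metrics[f"ldap_{q['kind']}_slow"] += 1
    return kept, metrics


def metric_lines(metrics):
    """Render metrics as key=value lines to forward as their own event."""
    return [f"{k}={v}" for k, v in sorted(metrics.items())]
```

Forward `kept` as the filtered log stream and `metric_lines(metrics)` as a periodic summary event; the summary is what makes a rewrite-only stall detectable without shipping every LDAP line.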