Friday, January 8, 2021

SIEM - Primary Syslog Collector

Hi All

Just trying to get others' opinions/experiences on this.

Our SIEM (currently QRadar) has basically become the god syslog collector in our environment, but from an operational side it's a bit of a mess. It's gotten hit with thousands of VMware debugs, junk logs and loads of events that aren't security-related, which just create noise and impact the actual logs we care about. It's great as a security tool, but from an operational event perspective it's not really fit for purpose, so I'm looking at splitting it out for security monitoring and operational monitoring.

Do others use their SIEM as an operational monitor (by design, or just by chance because it's the syslog collector that is there)? Or do you have a dedicated system for operational use?

Cheers!
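The usual answer to the split described in the post is a collector tier (rsyslog, syslog-ng, or a log pipeline) in front of the SIEM that parses, filters and routes before anything reaches QRadar. The script below is an added example of that routing logic, not code from the original post or from any of the products it mentions: it parses RFC 3164-style syslog lines, sends anything from the auth/authpriv facilities, well-known security daemons, or with authentication-related wording to a "siem" sink, discards VMware verbose/debug chatter, and sends the remainder to an "ops" sink. The sink names, tag lists, keyword list and sample log lines (including the ESXi Hostd/vmkernel message shapes) are constructed for illustration and would need tuning against real traffic.

```python
"""Syslog routing tier in front of a SIEM (added example, not the post's own code)."""
import re
from collections import Counter

# RFC 3164 shape: <PRI>Mon DD HH:MM:SS host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

SEV_DEBUG = 7
# auth, authpriv, log audit, log alert: never dropped, always to the SIEM
SECURITY_FACILITIES = {4, 10, 13, 14}
# Assumed lists; extend for your environment
SECURITY_TAGS = {"sshd", "sudo", "su", "auditd", "login", "pam_unix"}
SECURITY_KEYWORDS = re.compile(
    r"(?i)(failed password|authentication failure|accepted publickey|"
    r"session opened|logged in|firewall)"
)
VMWARE_TAGS = {"Hostd", "Vpxa", "vmkernel", "Rhttpproxy", "Fdm"}
# ESXi hostd prefixes its messages with the log level; drop the chatty levels
VMWARE_CHATTER = re.compile(r"^(verbose|debug) ")


def parse(line):
    """Split PRI into facility/severity and pull out host, tag and message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "host": m.group("host"),
        "tag": m.group("tag"),
        "msg": m.group("msg"),
    }


def classify(event):
    """Return the sink for one parsed event: siem, ops, drop or malformed."""
    if event is None:
        return "malformed"
    # Security checks come first so that a debug-severity auth event is
    # never discarded by the noise rules below.
    if (event["facility"] in SECURITY_FACILITIES
            or event["tag"] in SECURITY_TAGS
            or SECURITY_KEYWORDS.search(event["msg"])):
        return "siem"
    if event["severity"] == SEV_DEBUG:
        return "drop"
    if event["tag"] in VMWARE_TAGS and VMWARE_CHATTER.match(event["msg"]):
        return "drop"
    return "ops"


def route(lines):
    """Route raw lines to sinks; count drops per tag so noise sources stay visible."""
    sinks = {"siem": [], "ops": [], "malformed": []}
    dropped = Counter()
    for line in lines:
        event = parse(line)
        sink = classify(event)
        if sink == "drop":
            dropped[event["tag"]] += 1
        else:
            sinks[sink].append(line)
    return sinks, dropped


# Constructed sample traffic (not captured from a real system)
SAMPLE_LINES = [
    "<38>Jan  8 10:00:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51522 ssh2",
    "<86>Jan  8 10:00:02 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "<39>Jan  8 10:00:03 web01 sshd[1300]: debug1: Forked child 1301.",
    "<15>Jan  8 10:00:04 esxi01 Hostd: verbose hostd[2099] [Originator@6876 sub=Vimsvc.TaskManager] Task Created : haTask-12345",
    "<14>Jan  8 10:00:05 esxi01 Hostd: verbose hostd[2099] [Originator@6876 sub=PropertyProvider] RecordOp ASSIGN: info.progress, haTask-12345",
    "<14>Jan  8 10:00:06 esxi01 vmkernel: cpu3:2097)NFS: 321: Mount of datastore1 succeeded",
    "<30>Jan  8 10:00:07 db01 systemd[1]: Started Daily apt download activities.",
    "<13>Jan  8 10:00:08 esxi01 Hostd: info hostd[2099] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 77 : User root@10.0.0.5 logged in as VMware-client",
    "not a syslog line at all",
]

if __name__ == "__main__":
    sinks, dropped = route(SAMPLE_LINES)
    for name, lines in sinks.items():
        print(f"{name}: {len(lines)} line(s)")
    print("dropped per tag:", dict(dropped))
```

Two design points matter more than the specific rules. First, the security classification runs before any drop rule, so verbosity from a security source (the sshd debug line in the sample) is fixed at the source rather than by discarding it at the collector. Second, the drop counter is kept per tag: the hosts flooding the collector are themselves an operational signal, and silently discarding their output hides exactly the problem the post describes. The same ordering maps directly onto rsyslog or syslog-ng rulesets, with the "siem" sink becoming the forward action towards QRadar and "ops" a file or a separate log platform.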
