https://community.splunk.com/t5/Alerting/Any-common-useful-alerts-for-an-environment-with-Windows-and/m-p/273345#M5015 <P>Hi community,</P> <P>I was wondering if there was a collection of useful alerts for an environment that has both Windows and Red Hat boxes such as errors and suspicious behavior. My team is looking at getting Splunk Enterprise Security in the future, but anything useful now for less advantage Splunk people would be great!</P> <P>Thanks in advance!</P> Mon, 18 Jul 2016 23:48:19 GMT carefulrelish 2016-07-18T23:48:19Z https://community.splunk.com/t5/Alerting/Any-common-useful-alerts-for-an-environment-with-Windows-and/m-p/273345#M5015 <P>Hi community,</P> <P>I was wondering if there was a collection of useful alerts for an environment that has both Windows and Red Hat boxes such as errors and suspicious behavior. My team is looking at getting Splunk Enterprise Security in the future, but anything useful now for less advantage Splunk people would be great!</P> <P>Thanks in advance!</P> Mon, 18 Jul 2016 23:48:19 GMT https://community.splunk.com/t5/Alerting/Any-common-useful-alerts-for-an-environment-with-Windows-and/m-p/273345#M5015 carefulrelish 2016-07-18T23:48:19Z https://community.splunk.com/t5/Alerting/Any-common-useful-alerts-for-an-environment-with-Windows-and/m-p/273346#M5016 <P>Hi carefulrelish, check out the <A href="https://splunkbase.splunk.com/app/1621/">Common Information Model</A> app (CIM) It makes use of data models to allow for a single searchable interface. This is part of the way that ES can use single correlation searches that search over disparate data sources. (windows and nix authentication events for instance)</P> <P>Please let me know if this answers your question!</P> Tue, 19 Jul 2016 14:53:48 GMT https://community.splunk.com/t5/Alerting/Any-common-useful-alerts-for-an-environment-with-Windows-and/m-p/273346#M5016 muebel 2016-07-19T14:53:48Z