I'd like to ask how I set up Splunk as a SIEM in my on-prem network architecture. Does it connect to the switch that connects all PCs? I intend to use an appliance server that has the Splunk app installed.
In a nutshell, I need help setting up an enterprise version of Splunk in our network systems.
Secondly, are the sensors for each system, any caveats on the Windows firewall?
Secondly, can I place IDP, IDS before the firewall or after the firewall?