Splunk Enterprise Security

What is the recommended logging requirement for Linux OS from Splunk ES perspective ?

damode
Motivator
 
Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

It depends on what your needs are.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

damode
Motivator

Our needs are that we want to onboard security relevant logs from Linux OS and looking for some standard Linux auditing recommendations or just what Splunk suggests. Just like how Microsoft has provided for Windows OS like https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-po... 

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.