Solved: most critical Events

fingolfin · ‎02-23-2012

Hello together

For my doctrinal statements, i have to configure a Splunk, with 50 server from our Company.
one of the objectives is to analyze the ten most critical Events. But we don’t have a lot of critical events.
Now I wanted to ask you what you think is the most critical event?

Regards,

Ayn · ‎02-23-2012

I started writing an answer to this but my answer would probably just be a rehash of what I wrote in a previous answer anyway: http://splunk-base.splunk.com/answers/35312/security-threats

The same holds for finding critical events - without any context information it is all but impossible to tell you that. Ask yourself: what is the worst that could happen in your systems or applications? How would you get the information of that it has happened? That's a thinking exercise to start off with.

View solution in original post

fingolfin · ‎02-27-2012

Thank you for your answer.
This question:"what is the worst that could happen in your systems or applications?"
I've also been asked, but i'm still in education and have less experience on Eventlogs.
So i have also ask in my company, what they think is critical. And they have gave me, a list with critical things, now i have to integrate this Events.

regards

Ayn · ‎02-23-2012

I started writing an answer to this but my answer would probably just be a rehash of what I wrote in a previous answer anyway: http://splunk-base.splunk.com/answers/35312/security-threats

The same holds for finding critical events - without any context information it is all but impossible to tell you that. Ask yourself: what is the worst that could happen in your systems or applications? How would you get the information of that it has happened? That's a thinking exercise to start off with.

most critical Events

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk