- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello together
For my doctrinal statements, i have to configure a Splunk, with 50 server from our Company.
one of the objectives is to analyze the ten most critical Events. But we don’t have a lot of critical events.
Now I wanted to ask you what you think is the most critical event?
Regards,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I started writing an answer to this but my answer would probably just be a rehash of what I wrote in a previous answer anyway: http://splunk-base.splunk.com/answers/35312/security-threats
The same holds for finding critical events - without any context information it is all but impossible to tell you that. Ask yourself: what is the worst that could happen in your systems or applications? How would you get the information of that it has happened? That's a thinking exercise to start off with.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your answer.
This question:"what is the worst that could happen in your systems or applications?"
I've also been asked, but i'm still in education and have less experience on Eventlogs.
So i have also ask in my company, what they think is critical. And they have gave me, a list with critical things, now i have to integrate this Events.
regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I started writing an answer to this but my answer would probably just be a rehash of what I wrote in a previous answer anyway: http://splunk-base.splunk.com/answers/35312/security-threats
The same holds for finding critical events - without any context information it is all but impossible to tell you that. Ask yourself: what is the worst that could happen in your systems or applications? How would you get the information of that it has happened? That's a thinking exercise to start off with.
