We are in the process of implementing ELK Agent, with more focus on better SIEM detections.
At the moment our config ships all the logs, and we also don't want to tailor it to only security events. Does anyone have a recommendation or experience with this rollout in an enterprise? Would be happy to connect.