I have a few queries regarding SIEM or log management.
1. What false positives/entries to ignore do we see in firewall logs from domain controllers, IPS/IDS, database logs, VPN?
3. Does RSA enVision connect directly to domain controllers?
4. How to learn the basics of firewall log analysis & escalation?
Thanks in advance for your help.
Re: Common False positives/entries to ignore
7 years 10 months ago #35666