One aspect of security configuration I don't see talked about enough is verbosity vs retention.
Do you really want this event of marginal use if it makes you have 20 fewer days before logs turn over?
@SwiftOnSecurity Don't most SIEMs have a built-in system for dropping raw logs that are similar enough to an initial one? Just keep the timestamps if the content never changes so you know how many came in and when, problem solved?
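
The collapsing scheme described in the reply above, as an added Python sketch that is not part of the thread and not any SIEM's actual mechanism. The sample events, the `VOLATILE` masking rule and all function names are constructed for illustration; the rule that decides what counts as "similar enough" is an assumption, and it also decides which per-event detail is discarded.

```python
import json
import re
from collections import OrderedDict

# Constructed sample events (timestamp, raw message); not from a real system.
SAMPLE = [
    ("2024-05-01T10:00:00Z", "Failed logon for user alice from 10.0.0.5 port 50122"),
    ("2024-05-01T10:00:02Z", "Failed logon for user alice from 10.0.0.5 port 50123"),
    ("2024-05-01T10:00:04Z", "Failed logon for user alice from 10.0.0.5 port 50124"),
    ("2024-05-01T10:00:05Z", "Service started: spooler"),
    ("2024-05-01T10:00:09Z", "Failed logon for user bob from 10.0.0.9 port 41000"),
]

# Fields masked before comparing events. Assumption: only the ephemeral
# source port is treated as noise; anything masked here is lost for repeats.
VOLATILE = [(re.compile(r"port \d+"), "port <n>")]

def normalize(message):
    """Return the comparison key for a raw message."""
    for pattern, repl in VOLATILE:
        message = pattern.sub(repl, message)
    return message

def collapse(events):
    """Keep the first raw copy per key, plus the timestamp of every arrival."""
    groups = OrderedDict()
    for ts, raw in events:
        entry = groups.setdefault(normalize(raw), {"first_raw": raw, "timestamps": []})
        entry["timestamps"].append(ts)
    return list(groups.values())

def stored_bytes(records):
    """Approximate storage cost as the size of the JSON encoding."""
    return sum(len(json.dumps(r).encode()) for r in records)

def summary(events):
    """Compare storing every event raw against storing collapsed groups."""
    collapsed = collapse(events)
    return {
        "groups": len(collapsed),
        "events": sum(len(g["timestamps"]) for g in collapsed),
        "raw_bytes": stored_bytes([{"ts": ts, "raw": m} for ts, m in events]),
        "collapsed_bytes": stored_bytes(collapsed),
    }

if __name__ == "__main__":
    print(summary(SAMPLE))
```

The event count and arrival times survive, but the source ports of the second and third failed logons do not, so the masking rule has to be chosen with the later investigation in mind.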