[logs] SIM solution - Objectives?

saudi sans saudisans at gmail.com
Wed May 23 22:52:54 PDT 2007


Hi,

We have just started using a leading SIM for monitoring logs. It works well.

The SIM management is outsourced.  We have about 150 servers and 10
security devices.

We have SLAs that if a High alert comes, the vendor should inform us within
15 minutes; for a medium alert it is 30 minutes, etc.

Are corporates [who have some level of maturity in this space] using
SIM solutions to do real time response or are we using it for weekly
reports and then doing trend analysis?

Does it make sense to receive High alerts and take a 15 minute
response when a login failure happens on a few servers?

This question is NOT related to the SIM product capabilities but
to the process to be followed and what goals we should set to achieve with
SIM.

