I am looking for ANY suggestions on how to document the policies of my ESMs; for example:
- values of variables
- which correlation rules are enabled, and which have alarms on them
- what filters I have created
That is, I am looking for alternatives to doing it manually. I already know that the 'export' options in the Policy Editor are only useful for getting XML output and importing it into another SIEM.
Seriously, any help is welcome.
Thank you, but I've spoken to your engineers about this before, and they weren't able to help me. That's why I have turned to the community for assistance.
- Steve Kadish