Hi all,
I am looking for ANY suggestions on how to document the policies of my ESMs; for example:
- values of variables
- which correlation rules are enabled, and which have alarms on them
- what filters I have created
That is, I am looking for alternatives to doing it manually. I already know that the 'export' options in the Policy Editor are only useful for getting XML output and importing it into another SIEM.
Seriously, any help is welcome.
Thanks,
- Steve