Re: How do logs flow through the SIEM? The Journey of a syslog...
Strongly agree. This would go a long way in helping people understand the best way to organize data sources and create effective policies, and would likely decrease the number of how-do-I support calls. Understanding the underlying operation and architecture of a product like this is important to using it properly to produce the desired outcome.
To the examples already provided by scott3boy, I'd add that it is important to understand how the data flow is altered depending on the type of data source (standalone, parent, client, child) and the collection method (syslog, MEF, WMI, CIF).