We have 2 different companies of the same group. Data sources of both companies will be monitored from one SOC. Our concern is how to keep event logs separate without mixing them. We have ESM, ELM & a common Receiver.
Please look into zones. They serve as a container that can be associated with subnets and devices. Zones support overlapping IP space and role-based access.
Thanks for your reply and the document you have provided. I have a further query. Can we relate Zones in ESM, Storage Pools in ELM, and Storage in DAS?
Zones extend for all ESM data (including if there is a DAS with the ESM). The ELM data is accessible for each event under the ELM tab, but users will need to be restricted from full ELM query capability.