0 Replies Latest reply on Aug 13, 2014 1:00 PM by allegiance

SIEM and Database Activity Monitoring

allegiance

Hi,

Please help me, guys, with my concerns below.

1. What are the common logs to get from a Red Hat data source? (messages, maillog, etc.)

2. What is the advantage of connecting to a device using SNMP versus Syslog?

3. When doing an SCP connection to get logs from a Linux device, how can I specify the wildcard to get messages and maillog only?

4. I configured a Palo Alto device to send traffic events to the SIEM. SIEM automatic discovery detects that the events are from a "Bradford Networks Campus Manager" data source. When I add it and configure the "Vendor" as Palo Alto, the reports on the dashboard display random numbers.

5. I added an NTP server to the SIEM, but it has a "rejected" condition. The time is GMT+8 12:00 PM on the NTP server, but the time on the SIEM becomes GMT+8 8:00 PM.

6. How do I add an application log, for example IIS, and Windows OS logs that are from the same data source on the SIEM? How should it be configured on the SIEM?

7. How do I add McAfee DAM as a data source?

8. I will do a presentation for a client using the logs that were gathered. Please help me with how to present SIEM results.
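For question 3, a way to check which files a "messages and maillog only" wildcard would pick up on the Red Hat side before configuring the SIEM's SCP collector. This is an added example, not part of the original post and not McAfee ESM's own wildcard syntax; the log directory, the host name and the destination path are assumptions, and the files created in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): select only the messages and
# maillog files from a Red Hat /var/log directory, including rotated copies
# such as messages-20140801 or maillog.1, and build the matching scp command.
# Directory, host and destination paths are assumptions for illustration.

# Print the base names of the files in $1 that match the two log names
# (current file plus logrotate's "-YYYYMMDD" and ".N" suffixes), sorted,
# so the result can be compared against what the collector should fetch.
select_mail_and_messages() {
  dir="$1"
  for f in "$dir"/messages "$dir"/messages-* "$dir"/messages.* \
           "$dir"/maillog  "$dir"/maillog-*  "$dir"/maillog.*; do
    # Unmatched globs stay literal; -e drops them.
    [ -e "$f" ] && printf '%s\n' "${f##*/}"
  done | sort -u
}

# Build (print, do not run) the scp command that pulls only those two
# log families from a remote host; the remote side expands the globs.
build_scp_cmd() {
  host="$1"; dir="$2"; dest="$3"
  printf "scp '%s:%s/messages*' '%s:%s/maillog*' '%s'\n" \
    "$host" "$dir" "$host" "$dir" "$dest"
}

# Usage (hypothetical host and paths):
#   select_mail_and_messages /var/log
#   build_scp_cmd siem@rhel01.example.net /var/log /tmp/rhel01-logs
```

Run `select_mail_and_messages /var/log` on the Linux host first: if the list shows only the messages and maillog families, the `messages*` and `maillog*` patterns used by `build_scp_cmd` are the ones to enter as the collector's wildcard, and anything else in that directory (secure, cron, and so on) is left out.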