Security Information and Event Management (SIEM)
on Oct 7, 2015 11:07 AM by scott3boy
ACE - Historical and Real-time setup and use - QUESTIONS
Should we use the Default Policy for both real-time and historical ACEs? Or should they each have their own policies?
Should our historical ACE have all correlations disabled and only have the ad hoc ones disabled at the time we need to search historically?
The default policy shows the correlations all set to On-Demand? What is real-time? Should our real-time ACE be running real-time correlations?
Can you provide an example Real-time ACE policy and a Historical ACE policy?
How do you set up and use Risk Based correlation on ACE? Do you configure it for Historical?
What is the benefit of having the GTI subscription with ACE?
What steps need to be taken to perform a historical ACE search, and what should be done post search (disable the custom correlation, remove the filter, etc.)?
What type of maintenance should occur on the ACE (purging of logs, etc.)?
Thanks for any help or direction!