It's best to start small, because enablement, validation and tuning all get faster with practice. Enabling too many correlation searches at once risks flooding your SOC with alerts that are hard to triage and harder to tune back down. Enable them one at a time, understand how each search works, and confirm that it produces actionable findings rather than noise before moving on to the next. If you need direct help, use On Demand Services early and often to reach experts available on request; a catalog of the services available to you is also provided.

What to search for, filter out or adjust is as varied as cyber security itself. Most of that tuning and development happens on the Content Management page: select Content Management and set the type filter to Correlation Search. From there you can enable and disable searches, update the settings that dictate how and when they run, change the search logic, and throttle their adaptive response actions so a single noisy source cannot generate the same notable event over and over.
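The same knobs the Content Management page exposes are stored in `savedsearches.conf`, so it helps to see what "enable, schedule, change the logic, throttle" looks like on disk. The following is an added illustration, not content from the original page or a stanza shipped with Splunk Enterprise Security: the stanza name, the search logic and the throttle fields are assumptions chosen for the example, while the setting names themselves (`disabled`, `cron_schedule`, `dispatch.*`, `alert.suppress*`, `action.correlationsearch.*`, `action.notable*`) are standard Splunk and ES keys.

```ini
# Added example (not from the original page): one correlation search, first
# in a noisy "just enabled" state, then as a practitioner would leave it after
# validation. Stanza name, SPL and field names are constructed for illustration.

# --- Before tuning: enabled, no throttling, runs over a wide window --------
[Example - Excessive Failed Logins - Rule]
disabled = 0
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
search = | tstats count from datamodel=Authentication where Authentication.action=failure by Authentication.src, Authentication.user | where count > 20
counttype = number of events
relation = greater than
quantity = 0
action.correlationsearch.enabled = 1
action.correlationsearch.label = Example - Excessive Failed Logins
action.notable = 1
action.notable.param.security_domain = access
action.notable.param.severity = medium
action.notable.param.rule_title = Excessive failed logins from $src$
# No alert.suppress settings: every 5-minute run over a 24h window re-fires
# the same notable for the same src/user, which is the flood described above.

# --- After tuning: tighter window, higher threshold, throttled per src/user --
[Example - Excessive Failed Logins - Rule]
disabled = 0
enableSched = 1
cron_schedule = */5 * * * *
# Look back only over the period since the last run (plus lag for indexing).
dispatch.earliest_time = -70m@m
dispatch.latest_time = -10m@m
# Search logic changed: higher threshold and known scanners filtered out.
search = | tstats count from datamodel=Authentication where Authentication.action=failure NOT Authentication.src IN ("10.0.0.5") by Authentication.src, Authentication.user | where count > 50
counttype = number of events
relation = greater than
quantity = 0
action.correlationsearch.enabled = 1
action.correlationsearch.label = Example - Excessive Failed Logins
action.notable = 1
action.notable.param.security_domain = access
action.notable.param.severity = medium
action.notable.param.rule_title = Excessive failed logins from $src$
# Throttle: at most one notable per src/user pair per 24 hours.
alert.suppress = 1
alert.suppress.fields = src,user
alert.suppress.period = 24h
```

Two stanzas with the same name would not coexist in one file; they are shown side by side only to contrast the settings. When you tune through the UI, the resulting changes land in a local `savedsearches.conf`, so diffing that file before and after a tuning session is a quick way to review exactly what was changed and to carry the change through change control.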