Hi community,
I was wondering if there was a collection of useful alerts for an environment that has both Windows and Red Hat boxes such as errors and suspicious behavior. My team is looking at getting Splunk Enterprise Security in the future, but anything useful now for less advantage Splunk people would be great!
Thanks in advance!
Hi carefulrelish, check out the Common Information Model app (CIM) It makes use of data models to allow for a single searchable interface. This is part of the way that ES can use single correlation searches that search over disparate data sources. (windows and nix authentication events for instance)
Please let me know if this answers your question!