Hi People,
I am going to create alerts and dashboards for various sources like firewall, proxy, Windows, Linux, threat. What information should I include in the alerts and dashboards? A common example would be Windows failed logins, etc.
Can you give me some guidance on that?
Have you looked at any apps on Splunkbase?
https://splunkbase.splunk.com/apps/#/category/it_operations_management
Hi Steave4app,
Usually the trouble-ticketing system or the Incident Management System is the guide; you have to follow their requirements.
If you don't have one of them, you have to ask the people who have to intervene what information they need to work.
In a bank where I worked, I had to communicate four pieces of information in my alert: