hello ...
I am new to SIEM tools and a fresh graduate from college.
We are implementing the LEM tool in our company, and my boss asked me to find the best practices for the filters, meaning: what are the best filters for the connected nodes (e.g. antivirus), what should we keep from the predefined filters, what should we remove, and what should we add if necessary.
The nodes he gave me are:
- Antivirus
- Firewall
- Router
- Exchange
- Active Directory
If you could help me, or direct me to a URL that can help, that would be appreciated.