Nov 28 2023 03:57 AM
Hey all you SIEM and SecDevOps engineers.
Currently having major ingestion issues with events logged from Cisco ASA. The problem: even with filtering limited to Notification L5 events, we accidentally ingested 600M+ logs into Azure Sentinel via the CEF via AMA data connector with the stream set to Microsoft-Ciscoasa.
We need to drastically reduce the amount of logs coming in; however, we're struggling to find resources/guides on best practice for event logging.
If there is a Cisco expert out there, can someone please point me in the right direction for getting relevant log events which analysts can use to investigate incidents?
What is the standard out there w.r.t. high-fidelity alerting and investigation capabilities?
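Before tuning anything, the first step is to measure which ASA message IDs are producing the volume. The KQL query below is an added example, not something from the original post or from Microsoft or Cisco; it assumes the CEF via AMA connector lands the ASA events in the CommonSecurityLog table with `DeviceVendor == "Cisco"` and `DeviceProduct == "ASA"` (confirm those values against your own rows first), and it uses the built-in `_BilledSize` column to attribute ingested bytes to each message ID.

```kql
// Added example (not from the original post): rank the Cisco ASA message IDs
// that dominate ingestion over the last day, by event count and billed bytes.
// Assumed filter values: DeviceVendor "Cisco", DeviceProduct "ASA".
let asa = CommonSecurityLog
    | where TimeGenerated > ago(1d)
    | where DeviceVendor == "Cisco" and DeviceProduct == "ASA";
// Total ASA event count for the period, used to express each ID as a share.
let total = toscalar(asa | count);
asa
| summarize EventCount = count(),
            IngestedGB = round(sum(_BilledSize) / 1e9, 3),
            SampleActivity = any(Activity)
    by DeviceEventClassID, LogSeverity
| extend PercentOfTotal = round(100.0 * EventCount / total, 2)
| order by EventCount desc
| take 25
```

`DeviceEventClassID` carries the ASA syslog message ID (for example the six-digit IDs the ASA prints as `%ASA-6-nnnnnn`), so the top rows tell you exactly which messages to suppress at the source with the ASA's `no logging message <id>` command, or to exclude with an ingestion-time transformation on the connector's data collection rule, rather than lowering the severity level for everything. Running the same query again after the change gives a before/after comparison of both event count and billed volume.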
Nov 29 2023 06:09 AM