Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected.

Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server.

To accomplish this functionality, there are two different subscriptions published to client devices - the Baseline subscription and the Suspect subscription. The Baseline subscription enrolls all devices in your organization, and a Suspect subscription only includes devices that have been added by you. The Suspect subscription collects more events to help build context for system activity and can quickly be updated to accommodate new events and/or scenarios as needed without impacting baseline operations.

This implementation helps differentiate where events are ultimately stored. Baseline events can be sent to devices with online analytical capability, such as Security Event Manager (SEM), while also sending events to a MapReduce system, such as HDInsight or Hadoop, for long-term storage and deeper analysis.
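The Suspect subscription described above can be expressed as a source-initiated WEC subscription whose `AllowedSourceDomainComputers` SDDL grants access only to a dedicated AD group, so that membership in that group is what "adds" a device. This is an added example, not part of the original article; the group SID, event IDs, latency and heartbeat values are assumptions chosen for illustration.

```xml
<!-- Suspect.xml: import on the collector with  wecutil cs Suspect.xml
     Constructed example; adjust the query and the group SID to your environment. -->
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Suspect</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Richer event set for hosts under investigation</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching>
      <!-- Low latency: suspect hosts should report quickly (assumed values). -->
      <MaxLatencyTime>30000</MaxLatencyTime>
    </Batching>
    <PushSettings>
      <Heartbeat Interval="900000"/>
    </PushSettings>
  </Delivery>
  <Query>
    <![CDATA[
<QueryList>
  <!-- Broader than Baseline: logons plus every process creation and
       PowerShell script block, to build context for host activity. -->
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688)]]</Select>
  </Query>
  <Query Id="1" Path="Microsoft-Windows-PowerShell/Operational">
    <Select Path="Microsoft-Windows-PowerShell/Operational">*[System[(EventID=4104)]]</Select>
  </Query>
</QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>true</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- Only members of the "WEF-Suspect" group may forward to this subscription.
       The SID below is a PLACEHOLDER; the Baseline subscription would instead
       grant Domain Computers (DC) so that every device is enrolled. -->
  <AllowedSourceDomainComputers>O:NSG:BAD:P(A;;GA;;;S-1-5-21-0000000000-0000000000-0000000000-9999)(A;;GA;;;NS)</AllowedSourceDomainComputers>
</Subscription>
```

Because clients poll the collector for their subscription list, adding a host to the group (and forcing a Group Policy refresh) starts forwarding without touching the Baseline subscription, matching the "updated without impacting baseline operations" property the article describes.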