In my organization (after much thought of spamming people with constant alerts of various failures, and I mean up to 500GB daily indexed volume) we have decided on a dashboard of relevant panels. Our team has been used to looking at ArcSight daily so they are expecting a similar view (one that refreshes individual panels - since logon events occur so fast that even a 10 minute interval is sometimes not fast enough). Is there a means to perhaps tie this into the ES Security App as a standalone dashboard (maybe linking it somewhere) since many if not all the panels are usually found in the ES app anyway?
Has anyone done this or does anyone have any ideas? I'm not super pleased with Splunk support as I opened a Sev2 case with them yesterday morning and have yet to get a call from them...
Thanks