
Rules/Filters advanced refining

I have recently started my job in a Security Analyst position and we are using Log and Event Manager ver. 6.0.1. I am learning all the deep capabilities of LEM on the go, and as I go through the Rules and Filters and multiple types of fields and event correlations, I came up with a question.

Before creating your own Rule or Filter, is there a way to find out whether a specific event/eventgroup/userdefinedgroup/connectortype is part of any already implemented rule/filter? Any advanced refining option? Aside from going through all of them one by one.

Thank you!
