Hello Everyone,
I would like to know the best practices for dealing with noise traffic. Can someone please help me understand what traffic, apart from broadcast traffic events, is considered noise? Also, how should we deal with it? Should we filter it at the agent level, or should we allow the noise traffic to reach the SIEM and then filter it out?
As per the compliance standards (PCI/FISMA/SOX etc.), should noise traffic logs be preserved? If yes, for how long?
Regards,
KD