Hi Everyone...I'm setting up some alerts for the LEM to capture, and I was wondering if the community is aware of any "best practice" alerts to ensure are enabled.
For example, I know that events like Account Creations/Deletions, Port Scans, etc should be enabled but what others are recommended?
Thoughts are welcome!
Thanks much!