Hey guys, I have an audit coming up in the 1st week of January, the 1st for this company, and I am on point for SIEM/LEM.
- Who has gone through an audit and used LEM?
I have done an audit with LEM and have another one coming up very soon... The only thing I would say is to make sure you are familiar with navigating the appliance, definitely comfortable with AND/OR statements for nDepth searches, and I'd even save a couple of the searches to pull up again during your audit. You can check your company's PCI standards for what to search for beforehand, but otherwise LEM is a great auditing tool that really does see so much data...
Was there anything you're concerned or worried about?
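For anyone unsure what the AND/OR nesting in an nDepth search actually does, here is an added example (not LEM code, and not the nDepth syntax itself): a small boolean search over a handful of constructed log events, with two "saved searches" of the kind the reply above suggests preparing before the audit. The field names (`type`, `user`, `src_ip`, `host`) and the sample events are assumptions made for the illustration, not LEM's schema.

```python
"""
Added example, not SolarWinds LEM code: boolean AND/OR search over
constructed log events, modelled on how nDepth search groups combine.
Field names and sample events are invented for this illustration.
"""
from typing import Callable, Dict, Iterable, List

Event = Dict[str, str]
Predicate = Callable[[Event], bool]

# Constructed sample events (assumed field names, not LEM's real schema).
SAMPLE_EVENTS: List[Event] = [
    {"type": "UserLogonFailure", "user": "alice", "src_ip": "10.0.0.5",     "host": "dc01"},
    {"type": "UserLogonFailure", "user": "bob",   "src_ip": "203.0.113.7",  "host": "dc01"},
    {"type": "UserLogon",        "user": "alice", "src_ip": "10.0.0.5",     "host": "dc01"},
    {"type": "ChangeAudit",      "user": "admin", "src_ip": "10.0.0.9",     "host": "fileserv"},
    {"type": "UserLogonFailure", "user": "carol", "src_ip": "198.51.100.3", "host": "vpn"},
]


def field_is(name: str, value: str) -> Predicate:
    """Match events whose field `name` equals `value`."""
    return lambda ev: ev.get(name) == value


def field_in(name: str, values: Iterable[str]) -> Predicate:
    """Match events whose field `name` is one of `values`."""
    allowed = set(values)
    return lambda ev: ev.get(name) in allowed


def field_startswith(name: str, prefix: str) -> Predicate:
    """Match events whose field `name` starts with `prefix` (e.g. an IP prefix)."""
    return lambda ev: ev.get(name, "").startswith(prefix)


def all_of(*preds: Predicate) -> Predicate:
    """AND group: every nested condition must hold."""
    return lambda ev: all(p(ev) for p in preds)


def any_of(*preds: Predicate) -> Predicate:
    """OR group: at least one nested condition must hold."""
    return lambda ev: any(p(ev) for p in preds)


def not_(pred: Predicate) -> Predicate:
    """Negate a condition."""
    return lambda ev: not pred(ev)


def run_search(pred: Predicate, events: Iterable[Event]) -> List[Event]:
    """Return the events that satisfy the composed search."""
    return [ev for ev in events if pred(ev)]


# "Saved searches" prepared ahead of time, like the reply above recommends.
# Both use a hypothetical 10.0.0.0/8 internal range as an assumption.
SAVED_SEARCHES: Dict[str, Predicate] = {
    # Logon failures NOT from the internal range: AND with a negated condition.
    "external_logon_failures": all_of(
        field_is("type", "UserLogonFailure"),
        not_(field_startswith("src_ip", "10.")),
    ),
    # (logon OR logon failure) AND host in a watched set: OR nested inside AND.
    "auth_activity_on_dc_or_vpn": all_of(
        any_of(field_is("type", "UserLogon"), field_is("type", "UserLogonFailure")),
        field_in("host", {"dc01", "vpn"}),
    ),
}


def run_saved_search(name: str, events: Iterable[Event] = SAMPLE_EVENTS) -> List[Event]:
    """Look up a saved search by name and run it over the given events."""
    return run_search(SAVED_SEARCHES[name], events)


if __name__ == "__main__":
    for name in SAVED_SEARCHES:
        hits = run_saved_search(name)
        print(f"{name}: {len(hits)} hit(s)")
        for ev in hits:
            print("   ", ev)
```

The point of the nested `all_of(any_of(...), ...)` shape is that the OR group is evaluated first and then ANDed with the host filter; flattening it into one AND/OR list would match every logon on every host. Building a couple of these ahead of time against the PCI items you expect to be asked about means you are pulling up a known-good search during the audit rather than composing one under pressure.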
I am only concerned about my ability to pull out the nDepth data, as I am not good with queries. I run the suggested daily/weekly reports. I hope that those will be a good showing.