
SEM IOC searches

I've been given a list of IP addresses, over 1500, and several dozen URLs to search and determine if there has been any communication between our systems and those associated IPs and URLs.

My question is, what is the best way to upload this amount of data into the SEM and what is the most effective way to search without it timing out? 

I'm thinking that the time-out limit can be modified and the searches be run in batches; what that looks like is the question I'm asking, i.e. what size should the number of IPs be set to, are user groups the best way to set them up, what time frames should we search on, 2 weeks, 1 month, etc.

Also, I have not found any good documentation on using the HTML5 version of the SEM; everything I've seen is for the LEM.

Any other advice that can be provided to help with this search would also be appreciated.

  • It depends on where and what format the data is in. SEM uses connectors to parse log data; if the data is from a syslog file then it can be uploaded to SEM (requires help from support). You may also use a log forwarding tool: Set up and test Kiwi Syslog integration with SEM

    Search is generally good if your SEM has good CPU and RAM. I recommend starting with 1 week and then 2 weeks, and if that is not timing out then increase further.

    All HTML5 documentation is available online; if you are looking for anything specific then let us know.
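As an added illustration of the batched sweep the question proposes (my own example, not code from the poster or from SolarWinds SEM), the script below chunks an IOC list into batches and runs each batch over exported log lines, matching IPs and CIDRs by network membership and URLs by hostname. The IOCs and log lines are constructed samples, not real indicators.

```python
import ipaddress
import re

# Constructed sample IOC list (not real indicators): single IPs, a CIDR, URLs/hostnames.
IOCS = [
    "203.0.113.45",
    "198.51.100.0/24",
    "http://malicious.example/login.php",
    "evil-cdn.example",
]

# Constructed sample log lines in a firewall/proxy style.
LOG_LINES = [
    "2024-01-03T10:00:01Z fw01 allow src=10.0.0.8 dst=203.0.113.45 dport=443",
    "2024-01-03T10:00:02Z proxy01 GET http://malicious.example/login.php from 10.0.0.9",
    "2024-01-03T10:00:03Z fw01 allow src=10.0.0.8 dst=192.0.2.10 dport=80",
    "2024-01-03T10:00:04Z fw01 deny src=198.51.100.77 dst=10.0.0.5 dport=22",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"https?://([^/\s:]+)")

def split_iocs(iocs):
    """Separate IOCs into networks (single IPs become /32) and lowercase hostnames."""
    nets, hosts = [], set()
    for ioc in iocs:
        m = HOST_RE.match(ioc)
        if m:
            hosts.add(m.group(1).lower())
            continue
        try:
            nets.append(ipaddress.ip_network(ioc, strict=False))
        except ValueError:
            hosts.add(ioc.lower())  # bare hostname, not an address
    return nets, hosts

def batches(items, size):
    """Yield consecutive slices of `size` IOCs, the batching the question asks about."""
    items = list(items)
    for i in range(0, len(items), size):
        yield items[i:i + size]

def match_log_lines(lines, nets, hosts):
    """Return (line, indicator) pairs for every log line that touches an IOC."""
    hits = []
    for line in lines:
        for ip in IP_RE.findall(line):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # regex matched a non-address like 999.1.1.1
            hits.extend((line, str(n)) for n in nets if addr in n)
        hits.extend((line, h.lower()) for h in HOST_RE.findall(line) if h.lower() in hosts)
    return hits

def sweep(lines, iocs, batch_size):
    """Run the IOC list in batches over the logs; returns {batch_no: [(line, ioc), ...]}."""
    results = {}
    for n, batch in enumerate(batches(iocs, batch_size)):
        nets, hosts = split_iocs(batch)
        results[n] = match_log_lines(lines, nets, hosts)
    return results
```

Each batch's hit list can be reviewed separately, which keeps any one run small enough not to time out.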