Hello everyone! This is my first time diving into SEM from SolarWinds. I have created a simple rule to monitor remote logins from computers that normally would never RDP into anything. This was the first rule I ever made and it was mainly created so I could learn the system, but it can be helpful if an admin saved their credentials and then a standard user RDPs into something using those credentials.
My question: What are some of your favorite rules that you have created? Where should I look to gain best practices for this tool? What do you think are the most important things to track and report? What kind of reports/rules do you have for your firewall?
Any advice will be much appreciated!