My question is in reference to denial-of-service attacks. If there is a denial-of-service attack on the monitored device, then how will LEM react to that traffic? Will it log all the events of the DoS attack or only specific ones? Is any filtering done at the agent level when forwarding DoS attack events?
I am asking this because I think that if there is a DoS attack on a monitored device and all events are stored on the SIEM, then the SIEM storage space will run out quickly.