I am in a situation,
I need to design and implement the SIEM for a client network.
The client has 3 data centers. Can someone help me to design and implement it? That is, how many D srv, LC and RCs are required?
I have a design; if I get any better solution I will update my design.
I am placing a D srv and LC @ DC1 and DC2 and DC3 with 2 RC. These 2 RC will report to the DC1 D srv.
The A srv is at a different location. Can anyone suggest another solution?
I have DC1 with 6000 EPS
What are the business requirements? Acceptable log loss? Acceptable network loss? VISIO or JPG of the proposed architecture? How many devices, EPS? DR/BC requirements? All of those factors go into designing a SIEM architecture.
They have about 35k devices, 660 stores, but we need to log only data center devices.
3 data center
datacenter 1 with 6k logs
datacenter 2 with 2k logs
data center with 1k logs
I need redundancy too.
The A srv are in my place.
To know how many collectors, you need to know EPS, as I just went through this with SCOM servers. Even though only 3 SCOM servers, I need 2 extra collectors due to the EPS. That is important so you don't overload the collector.
Is this a managed SIEM environment with the ASRV at Cognizant and the DSRV's at the customer site?
I am attaching an architecture doc for MSSPs that might be helpful, but you should probably also engage an RSA engineer to assist you with this. You can contact David Sauer, who is the RSA Alliances Account Manager for Cognizant.