For a few weeks now we have been enriching our device attributes with information from our CMDB (Configuration Management Database). This information includes, for example, Location and CIA classification.
I am quite unsure how to use this information in the processing of alerts and reports.
We want to use this information in the following way:
1. To add extra information to an alert;
2. To add extra information to reports;
3. To help prioritize alerts, for example: a logon failure on a device with a High CIA classification results in an alert with alert level 2, while the same logon failure on another device with a lower CIA classification results in an alert with alert level 4.
Number 3 is the most important option we would like to use.
If anyone has tips, tricks, ideas or the same issues concerning this, please let me know.
Thanks in advance.