What is everyone doing for daily/weekly care and feeding besides VAM and Event source updates? Are there reports that you run to reflect system health?
You can get some metric data about the health of your system by going to Reports -> Ad Hoc Reports -> Network -> System. There are a bunch of reports there that you can look at.
One should set up a matrix of actions to take place for personalizing the SIEM.
- Daily 24hr snapshots of the SIEM system
- 24 hour EPS trend, successful changes, failed logins, device down, capacity planning
- collection error reports, enhancements
- weekly management reporting such as EPS averages, number of alerts fired, responded, mitigated/resolved
- analytics regarding SIEM success, did we succeed in the intent of the SIEM purpose
- monthly actions such as scheduled maintenance window separate from rest of business window
- monthly ESU planning, deploy in test, run 24 hour snapshot, upon success, roll into production
Just some ideas off the top of my head