RSA Admin

multiple BU's

Discussion created by RSA Admin Employee on Jan 14, 2010
Latest reply on Feb 26, 2010 by RSA Admin
First I'm new RSA enVision, but not new to the SEIM world.  The situation is we are setting up the SIEM where we will have multiple remote collectors for different Business Units within the company.  IE... RC1 -> BU1 (Firewall, IDS, syslog),,,, RC2 -> BU2 (firewall, IDS, syslog).  I want it where the different BU's can't see each other information.  Where the analyst can see both BU information.  When there is an incident the analyst can see where the event is coming from either RC1 or RC2..... and notify the correct person.  Being I'm setting up a SOC we will have a number of central monitors (42 > inch monitor)  what is the recommended number...

Outcomes