Alerting On Quiet Log Sources With SureLog SIEM

Ertugrul Akbas
1 min read · Oct 5, 2019


Data sources that stop logging to your SIEM put your organization at risk, and the failure is silent: no event arrives to tell you that events have stopped. If one of your organization's firewalls stops logging to the SIEM, your SOC is blind to malicious traffic traversing it. If your endpoint protection application stops logging, your analysts cannot see whether malicious files are being executed on one of your billing servers.

SureLog offers several ways to monitor that log sources keep logging. The first option is configured in the log source settings: an alert is triggered when a log source stops sending logs.

Monitoring Period for Work Hours is the field that sets the maximum interval within which SureLog expects to receive at least one log from the source during work hours. If no log arrives within this period, the alert fires. The same applies to the Monitoring Period for After Hours field, which sets a separate (typically longer) interval for the quieter hours outside the business day.

The second option is to develop a rule for this.
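As an added illustration of what such a rule has to do, here is a small Python script written for this post, not SureLog's own rule language or code. It replays a constructed batch of source-received timestamps, applies a per-source work-hours and after-hours monitoring period (the same two thresholds described above), and reports every source that has been silent longer than the period in force at the evaluation time. The source names, the 08:00 to 18:00 work window and the thresholds are all hypothetical. It also covers a case a naive "no events in the last N minutes per source seen" query misses: a source that is in the inventory but has never delivered a single event.

```python
from datetime import datetime, time, timedelta

# Constructed sample events: (log source name, timestamp the SIEM received it).
# These are made up for this example; they are not SureLog output.
SAMPLE_EVENTS = [
    ("fw-edge-01", "2019-10-05 09:00:00"),
    ("fw-edge-01", "2019-10-05 09:05:00"),
    ("epp-billing", "2019-10-05 08:55:00"),
    ("epp-billing", "2019-10-05 09:40:00"),
    ("epp-billing", "2019-10-05 17:55:00"),
    ("dc-auth", "2019-10-05 09:58:00"),
    ("dc-auth", "2019-10-05 18:20:00"),
]

# Hypothetical per-source monitoring periods, mirroring the two fields in the
# post: a tight limit for work hours and a looser one for after hours.
MONITORING_PERIODS = {
    "fw-edge-01":  {"work": timedelta(minutes=10), "after": timedelta(minutes=60)},
    "epp-billing": {"work": timedelta(minutes=30), "after": timedelta(minutes=120)},
    "dc-auth":     {"work": timedelta(minutes=5),  "after": timedelta(minutes=30)},
    # Registered in the source inventory but has never delivered an event.
    "vpn-gw":      {"work": timedelta(minutes=15), "after": timedelta(minutes=60)},
}

WORK_HOURS = (time(8, 0), time(18, 0))  # assumed business window, time of day only

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def in_work_hours(now):
    """True when `now` falls inside the assumed work-hours window."""
    start, end = WORK_HOURS
    return start <= now.time() < end


def last_seen(events, now):
    """Latest receive time per source, ignoring events stamped after `now`
    so the same sample can be replayed at several evaluation points."""
    seen = {}
    for source, stamp in events:
        ts = datetime.strptime(stamp, TS_FORMAT)
        if ts <= now and (source not in seen or ts > seen[source]):
            seen[source] = ts
    return seen


def quiet_sources(events, periods, now):
    """Return (source, reason) pairs for every monitored source that has been
    silent longer than the period applicable at `now`.

    The loop iterates over the inventory of monitored sources, not over the
    sources present in the event stream, so a source that never logged at
    all is reported instead of being overlooked."""
    seen = last_seen(events, now)
    key = "work" if in_work_hours(now) else "after"
    alerts = []
    for source, limits in sorted(periods.items()):
        last = seen.get(source)
        if last is None:
            alerts.append((source, "no events ever received"))
            continue
        silence = now - last
        if silence > limits[key]:
            alerts.append((source, f"silent for {silence} (limit {limits[key]}, {key} hours)"))
    return alerts


def quiet_source_names(events, periods, stamp):
    """Convenience wrapper: evaluate at a timestamp string, return only names."""
    now = datetime.strptime(stamp, TS_FORMAT)
    return [source for source, _ in quiet_sources(events, periods, now)]


if __name__ == "__main__":
    for stamp in ("2019-10-05 10:00:00", "2019-10-05 10:15:00", "2019-10-05 18:30:00"):
        now = datetime.strptime(stamp, TS_FORMAT)
        print(stamp, quiet_sources(SAMPLE_EVENTS, MONITORING_PERIODS, now))
```

Replayed at 18:30, dc-auth has been silent for 10 minutes, which would breach its 5-minute work-hours limit but is within its 30-minute after-hours limit, so it is not reported; the firewall that last logged at 09:05 and the never-seen VPN gateway are. A production version would take `now` from the wall clock on a scheduled run and keep the per-source last-seen table in the SIEM's state store rather than rebuilding it from the raw events each time.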


Written by Ertugrul Akbas

Entrepreneur, Security Analyst, Research.
