Best practice for IP server subnet
We have a subnet reserved just for servers. Since EventLog Analyzer currently does not automatically scan an IP subnet for new servers to add into the SIEM logs, I was going to add each IP in the subnet range with the proper credentials even if the IP address is not currently active.
With a large organization, it is difficult to keep abreast of server adds and removals. My thought is when an IP is assigned to a server, the SIEM log collection is already monitoring that IP and will start collecting immediately.
Do you feel there is a best practice?
Topic Participants
jamiejenkins
eventlog_support
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?