Hello! I am starting my degree thesis. The topic is: Design and implementation of a solution to configure, remediate and prevent security event alerts received by my company’s Syslog server.
I have MANY doubts regarding the first objective: Define which security events are classified as alerts in my company’s technological infrastructure.
What can I base the definition of these alerts on? Please help!
I’m not entirely sure this is the best forum for you to get the answers you are looking for, nor am I even sure what the events and alerts you mention are in the context of your thesis, but my first suggestion is that this answer would come from understanding what are considered critical assets to your company, what levels of risk and severity they (and you) have, what the network traffic is like - so, what’s the profile, what’s the industry field…
Those should, I imagine, help one delineate the bigger picture before starting on that task.
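To make the answer above concrete, here is an added example (my own illustration, not code from either poster or from any company's syslog setup) of how the two inputs it names, asset criticality and event severity, can be combined to decide which syslog events become alerts. It parses RFC 5424 syslog lines, decodes the PRI field into facility and severity, looks the sending host up in a constructed asset inventory, and scores each event; the inventory, the hostnames, the sample log lines and the threshold value are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# RFC 5424 severity codes: 0 = Emergency ... 7 = Debug.
SEVERITY_NAMES = {0: "emerg", 1: "alert", 2: "crit", 3: "err",
                  4: "warning", 5: "notice", 6: "info", 7: "debug"}

# Constructed asset inventory (assumption): hostname -> criticality 1 (low) .. 5 (critical).
# In practice this comes from the risk assessment the answer above describes.
ASSET_CRITICALITY = {
    "db-prod-01": 5,
    "vpn-gw-01": 4,
    "web-prod-02": 3,
    "dev-box-07": 1,
}
UNKNOWN_HOST_CRITICALITY = 2   # assumption: hosts missing from the inventory still score
ALERT_THRESHOLD = 12           # constructed tuning value; adjust per environment

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD] MSG
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ \S+ "
    r"(?:-|\[[^\]]*\]) ?(?P<msg>.*)$"
)


@dataclass
class Event:
    facility: int
    severity: int
    host: str
    app: str
    msg: str


def parse_syslog(line):
    """Parse one RFC 5424 line; return an Event or None if malformed."""
    m = _RFC5424.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:              # facility 23 * 8 + severity 7 is the maximum valid PRI
        return None
    return Event(pri // 8, pri % 8, m.group("host"), m.group("app"), m.group("msg"))


def alert_score(ev, inventory=ASSET_CRITICALITY):
    """Score = asset criticality x urgency, where urgency inverts the syslog severity
    so that emergency (0) weighs most and debug (7) weighs nothing."""
    crit = inventory.get(ev.host, UNKNOWN_HOST_CRITICALITY)
    urgency = 7 - ev.severity
    return crit * urgency


def classify(line):
    """Return ("alert"|"log"|"invalid", score) for one syslog line."""
    ev = parse_syslog(line)
    if ev is None:
        return ("invalid", 0)
    score = alert_score(ev)
    return ("alert" if score >= ALERT_THRESHOLD else "log", score)


# Constructed sample lines (assumption); the addresses are documentation ranges.
SAMPLE_LINES = [
    "<34>1 2024-01-01T10:00:00Z db-prod-01 sshd - - - Failed password for root from 203.0.113.7",
    "<190>1 2024-01-01T10:00:01Z dev-box-07 cron - - - nightly job finished",
    "<14>1 2024-01-01T10:00:02Z vpn-gw-01 vpnd - - - tunnel 3 up",
    "<11>1 2024-01-01T10:00:03Z web-prod-02 nginx - - - worker process exited on signal 11",
]


def triage(lines):
    """Classify a batch of lines; returns a list of (host, severity name, verdict, score)."""
    out = []
    for line in lines:
        ev = parse_syslog(line)
        verdict, score = classify(line)
        host = ev.host if ev else "?"
        sev = SEVERITY_NAMES.get(ev.severity, "?") if ev else "?"
        out.append((host, sev, verdict, score))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_LINES):
        print(row)
```

The same severity-2 event on `db-prod-01` scores 25 and becomes an alert, while an informational message from `dev-box-07` scores 1 and stays a plain log entry; the `nginx` error on a medium-criticality web host lands exactly on the threshold. Tuning the inventory and threshold is where the asset and risk analysis from the answer above feeds in, and hosts missing from the inventory are worth reviewing on their own since they signal an inventory gap rather than a quiet system.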