Forum Discussion
On Premise Event timing
I am testing the on-premise detection by forcing a cleared event log detection. Is there anything I can do to increase speed of detection for on-premise systems? Event Log Clearing Test: Created...
1) What method are you using to get the clear log even into Sentinel? (i.e. Syslog, Event logs, etc)
2) What time was the event written to the log?
3) If the alert was raised by a scheduled Analytic rule, what is the rule frequency (AKA Run query every)