Hello Team...I was wondering in terms of "Best Practice" tracking for the PCI, NIST, Security logging...is there such a thing as "Best Practice"?
In other words, when I look at the different sections for Security, PCI, etc., I often see the same or similar templates for use.
Currently, the environment we are using has all of them enabled, but I don't see the value in doing it that way... I believe we should use the ones that are "best practice" (if they exist) in order to make the alerts more manageable as well as to reduce the number of alerts coming in (saving resources and removing desensitization due to the number of alerts).
I would certainly appreciate any and all feedback from the community.
Thanks so very much!
S_N