a) What are some log collection/management considerations that an organization might need to bear in mind?
b) Do log files unto themselves provide an organization with complete visibility into what’s occurring on the organization’s network or to support internal investigations? If not, what other data sources might you think would provide enrichment to the existing data set?
c) Research centralized security incident and event management systems. Provide a summary of the features they contain and provide your assessment on how these features can be used by an organization (SOC analyst, threat hunting team, or incident responder) to help support investigations? Are there any particular features that might be useful to help with regulatory compliance reporting?