Ingest Application Logs in SIEM
Bill Hinson
I noticed that our SIEM currently does not ingest application logs, which is crucial for our monitoring needs. It would be beneficial if SIEM could include application logs along with security and system logs. This would provide a more comprehensive view of our system's health and help in identifying issues more effectively.
Andrew Barton
There are a lot of critical applications that need to be monitored that will not show up in the current logging available for SIEM. One example is MSSQL failed logins. We are also getting pressure from the compliance side to be able to provide these logs.
Product Name: SQL Server
Event ID: 18456
Event Source: MSSQLSERVER
Component: SQLEngine
Symbolic Name: LOGON_FAILED
Message Text: Login failed for user '%.*ls'.%.*ls