So this is very new to me and my team. Below are our concerns if we use a remote system logging mechanism to pass logs to the SIEM solution:
1. Which Syslog level needs to be configured to get configuration changes and login failures?
2. Do we have any SK regarding Syslog field information, since manual field indexing is required, which is a manual procedure?
I believe this is a common audit/SIEM integration use case when it comes to BFSI segmentation (if I'm not mistaken, PCI DSS requires configuration changes to be captured in SIEM).