Hello, I had a question: is it possible to integrate Milestone with a SIEM to feed information?
Yes. I am in doubt what to present to you as an opener on this subject, but maybe this page..
Hello, is it difficult to use Wazuh with Milestone?
For example, is it possible to bring up the server managing Milestone and then bring up the Windows and Milestone logs on Wazuh to analyze them in case of a server attack or brute force of the Milestone password? What is your opinion on this operation?
Does Milestone recommend any application or software that allows us to monitor server activities in real time and sends them to us?
What is the security strategy that Milestone recommends other than using the certificates that I have implemented on my system regarding cybersecurity?
Richard, just to confirm: by SIEM, you mean this class of systems https://en.wikipedia.org/wiki/Security_information_and_event_management ?
If yes, I am also voting for this and will try to escalate it, as this is a must-have requirement in most critical infrastructure systems.
Hello Piotr, yes, that’s the goal: in case of a network attack or a problem on the server, to have a report. It’s a request from a customer to see if you can go back to Milestone VMS on SIEM compared to Milestone’s recommendations for the NIS2 Europe standard.
It’s quite complex. I am testing a system with Milestone + Wazuh as the SIEM, and for example some wrong logins on Milestone are visible, as Milestone puts this into the OS log file from which the SIEM is reading. I don’t know about direct integration SIEM<>Milestone.
When you use Windows Authentication, that should be easy. Milestone will ask either the local system or the domain to confirm the password, and that will go into the system (Windows) log files, which are integrated, for example, into Wazuh. I didn’t try with a basic Milestone user.
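An added example, not part of the thread and not Milestone or Wazuh code: a sliding-window check for password brute forcing over the Windows failed-logon events described in the last reply. It assumes the failed Windows Authentication logons show up on the Milestone server as Windows Security event 4625 and reach the SIEM as JSON with Wazuh-style `data.win` fields; the host name `vms-mgmt-01`, accounts, addresses, timestamps, threshold and window are all constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"  # Windows Security log: an account failed to log on


def _event(ts, event_id, user, ip):
    """Build one constructed alert line (assumed Wazuh-style JSON shape)."""
    return json.dumps({
        "timestamp": ts,
        "agent": {"name": "vms-mgmt-01"},  # hypothetical Milestone server
        "data": {"win": {
            "system": {"eventID": str(event_id)},
            "eventdata": {"targetUserName": user, "ipAddress": ip}}}})


# Constructed sample: a burst of failures, one success, three slow failures.
SAMPLE_ALERTS = (
    [_event(f"2024-05-01T10:00:{s:02d}", 4625, "vmsadmin", "192.0.2.10")
     for s in range(0, 30, 5)]
    + [_event("2024-05-01T10:00:40", 4624, "operator1", "192.0.2.20")]
    + [_event(f"2024-05-01T1{h}:00:00", 4625, "operator1", "192.0.2.20")
       for h in range(1, 4)]
)


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Map (agent, source IP, account) to the peak number of failed logons
    seen inside `window`, for keys that reach `threshold`."""
    recent = defaultdict(deque)  # failure timestamps still inside the window
    findings = {}
    for line in lines:
        alert = json.loads(line)
        win = alert.get("data", {}).get("win", {})
        if win.get("system", {}).get("eventID") != FAILED_LOGON:
            continue  # successes and unrelated events are ignored
        data = win.get("eventdata", {})
        key = (alert["agent"]["name"], data.get("ipAddress", "-"),
               data.get("targetUserName", "-"))
        now = datetime.fromisoformat(alert["timestamp"])
        times = recent[key]
        times.append(now)
        while now - times[0] > window:  # drop failures older than the window
            times.popleft()
        if len(times) >= threshold:
            findings[key] = max(findings.get(key, 0), len(times))
    return findings


if __name__ == "__main__":
    for (agent, ip, user), count in find_bruteforce(SAMPLE_ALERTS).items():
        print(f"{agent}: {count} failed logons for {user} from {ip}")
```

The three failures spaced an hour apart stay below the threshold, so only the burst against `vmsadmin` is reported.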
