17
Our SIEM went down for 2 hours and nobody noticed until a user complained
Turns out the alerts had been silently failing since the last patch on Tuesday, and I only found out when a manager in finance asked why her dashboard was blank. Has anyone else had a monitoring tool just quietly break without throwing any errors?
2 comments
spencer_wood 7d ago
Happens all the time. Had a log collector just stop sending data for three weeks once. No errors, no alerts, nothing. Found out when the compliance team asked why their reports showed zero failed login attempts.
2
perez.christopher 7d ago
Set up a simple heartbeat check that pings you if logs go silent for more than an hour.
1
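A sketch of the heartbeat check suggested in the last comment, as an added example that is not part of the original thread. The source names, timestamps and function names are constructed for illustration; the one-hour threshold comes from the comment. It assumes the check runs from a scheduler outside the SIEM's own alerting pipeline, since in the original post the alerts themselves were what failed.

```python
from datetime import datetime, timedelta, timezone

MAX_SILENCE = timedelta(hours=1)  # threshold taken from the comment above

def last_seen(events):
    """Map each source to the newest event timestamp received from it."""
    newest = {}
    for source, ts in events:
        when = datetime.fromisoformat(ts)
        if source not in newest or when > newest[source]:
            newest[source] = when
    return newest

def silent_sources(events, expected, now, max_silence=MAX_SILENCE):
    """Return {source: silence} for overdue sources; None means never seen."""
    newest = last_seen(events)
    overdue = {}
    for source in sorted(expected):
        if source not in newest:
            # Comparing against an inventory catches a collector that sent nothing at all.
            overdue[source] = None
        elif now - newest[source] > max_silence:
            overdue[source] = now - newest[source]
    return overdue

def format_alert(overdue):
    lines = []
    for source, gap in overdue.items():
        if gap is None:
            lines.append(f"{source}: no events received")
        else:
            minutes = int(gap.total_seconds() // 60)
            lines.append(f"{source}: silent for {minutes} min")
    return lines

# Constructed sample data (hypothetical source names and timestamps).
EXPECTED = {"fw-edge", "dc01-auth", "finance-app"}
SAMPLE_EVENTS = [
    ("fw-edge", "2024-05-14T09:58:00+00:00"),
    ("dc01-auth", "2024-05-14T07:30:00+00:00"),
    ("fw-edge", "2024-05-14T09:10:00+00:00"),
]
NOW = datetime(2024, 5, 14, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for line in format_alert(silent_sources(SAMPLE_EVENTS, EXPECTED, NOW)):
        print(line)
```

Checking against an expected-source inventory, rather than only against sources that have reported recently, is what surfaces a collector that has been silent for the whole window.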