We are looking at migrating some of our SSIM rules to Splunk saved/scheduled/realtime searches. I was wondering if anyone else has done this?
I had some concerns over the SSIM 'Tracking Keys' and rule types. If anyone has done a migration from Symantec SSIM to Splunk, please PM me.
asked 25 Aug '11, 13:50