SEM tuning and periodic maintenance tasks
Review your rules on a regular basis to ensure that they do not trigger too frequently and that SEM uses processor and memory resources efficiently.
Excessive rule triggering and inefficient resource use can be caused by:
Low threshold settings
Broadly-defined conditions
Rules that use event groups instead of a single event or subset of events
The following table provides recommendations for each issue.
|Issue|Recommendation|
|---|---|
|Low threshold settings|Consider increasing the threshold for rules that trigger due to network traffic.|
|Broadly-defined conditions|Define the rules to apply only to specific user names, IP addresses, or systems. Consider whether a different set of rules with different conditions could serve two distinct areas of your environment.|
|Rules using event groups instead of a single event or subset of events|Rules that detect authentication or network traffic may trigger on additional events, but may only apply to a subset of those events.|