Free PBQ Demo · Advanced

Topology · SIEM Log Sources

Wire firewall, IDS, AD, web server, and endpoint logs into a SIEM — pick the right sources, retention, severity thresholds, and alert routes.

Tests: Detection engineering, SIEM tuning, log source selection, alert fatigue management — Security+ Domain 4 Operations.

~9 min · No signup needed

Scenario

Tune log sources, retention, and alert thresholds across the SIEM so analysts focus on real incidents.

Enable the right sources, set realistic retention, and configure alert severity routing.

Network Topology — Live View

[Diagram: monitoring zone. Hosts: Perimeter FW (fw-edge-01), IDS (snort-sensor-01), AD (domain controller), Web Server (public site), Endpoint EDR (600 endpoints), SIEM (central). Status legend: Infected / Alert / Configured.]

Selected host: Perimeter FW (fw-edge-01)

Forward these log classes to SIEM:

Tasks

  • Forward the high-signal event classes from every source and leave the noisy ones at the source.
  • On the SIEM, keep hot (searchable) logs for 90 days; page only on Critical and High.
  • Enable alert de-duplication so repeats of the same alert do not each notify an analyst.
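The three tasks above describe one pipeline: per-source forwarding filters, a severity threshold for paging, and a de-duplication window. The script below is an added example (not the PBQ's answer key or the site's own code) that models that pipeline over a handful of constructed events. The hostnames dc01, www-01 and edr, the log-class names, the severity table and the five-minute window are this example's assumptions; only fw-edge-01 and snort-sensor-01 come from the diagram.

```python
"""Added example: minimal SIEM forwarding, severity routing, de-dup and
retention model for the tasks above. Events and policy are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Per-source allow-list of log classes worth forwarding (assumed policy).
# dc01 / www-01 / edr are assumed hostnames for the diagram's AD, web and EDR roles.
FORWARD = {
    "fw-edge-01":      {"deny", "config-change"},   # per-flow "allow" lines are noise
    "snort-sensor-01": {"alert"},                   # packet statistics stay on the sensor
    "dc01":            {"4625", "4720", "4728"},    # failed logon, user created, added to global group
    "www-01":          {"error", "auth-failure"},   # not every 200 OK access line
    "edr":             {"detection", "quarantine"}, # not agent heartbeats
}

# Illustrative severity table; anything forwarded but unlisted is Low.
SEVERITY = {
    ("edr", "detection"): "Critical",
    ("dc01", "4728"): "High",
    ("snort-sensor-01", "alert"): "High",
    ("www-01", "error"): "Medium",
    ("fw-edge-01", "config-change"): "Medium",
}
PAGE_ON = {"Critical", "High"}          # task: page on Critical + High only
DEDUP_WINDOW = timedelta(minutes=5)     # assumed de-dup window
HOT_RETENTION = timedelta(days=90)      # task: 90 days hot

# Constructed sample events (ts, source, log_class, message); not real logs.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00Z", "fw-edge-01", "allow", "TCP 10.0.0.5:51234 -> 93.184.216.34:443 allowed"),
    ("2024-05-01T10:00:01Z", "fw-edge-01", "deny", "TCP 198.51.100.7:44112 -> 10.0.0.10:3389 denied"),
    ("2024-05-01T10:00:02Z", "fw-edge-01", "deny", "TCP 198.51.100.7:44113 -> 10.0.0.10:3389 denied"),
    ("2024-05-01T10:00:03Z", "fw-edge-01", "deny", "TCP 198.51.100.7:44114 -> 10.0.0.10:3389 denied"),
    ("2024-05-01T10:00:05Z", "snort-sensor-01", "alert", "priority 1 rule hit from 198.51.100.7"),
    ("2024-05-01T10:00:06Z", "snort-sensor-01", "packet-stats", "pps=1200"),
    ("2024-05-01T10:00:07Z", "dc01", "4624", "successful logon jsmith"),
    ("2024-05-01T10:00:08Z", "dc01", "4728", "jsmith added to Domain Admins"),
    ("2024-05-01T10:00:09Z", "www-01", "access", "GET /index.html 200"),
    ("2024-05-01T10:00:10Z", "www-01", "error", "500 internal server error"),
    ("2024-05-01T10:00:11Z", "edr", "detection", "ransomware behaviour blocked on WS-0412"),
    ("2024-05-01T10:00:12Z", "edr", "heartbeat", "WS-0412 online"),
    ("2024-05-01T10:06:00Z", "fw-edge-01", "deny", "TCP 198.51.100.7:44200 -> 10.0.0.10:3389 denied"),
]


@dataclass
class Alert:
    ts: datetime
    source: str
    log_class: str
    severity: str
    message: str
    suppressed: int = 0   # later identical alerts collapsed into this one


def parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def retention_tier(event_ts: datetime, now: datetime) -> str:
    """Stored events are 'hot' (online, searchable) for 90 days, then 'cold'."""
    return "hot" if now - event_ts <= HOT_RETENTION else "cold"


def route(raw_events):
    """Filter, score, de-duplicate and route events. Returns (paged, queued, stats)."""
    paged, queued, open_alerts = [], [], {}
    stats = {"dropped": 0, "suppressed": 0}
    for ts_str, source, log_class, message in raw_events:
        if log_class not in FORWARD.get(source, set()):
            stats["dropped"] += 1          # noisy class: never leaves the source
            continue
        ts, key = parse(ts_str), (source, log_class)
        prior = open_alerts.get(key)
        if prior and ts - prior.ts <= DEDUP_WINDOW:
            prior.suppressed += 1          # same alert inside the window: count, don't re-notify
            stats["suppressed"] += 1
            continue
        alert = Alert(ts, source, log_class, SEVERITY.get(key, "Low"), message)
        open_alerts[key] = alert           # window is measured from this alert's timestamp
        (paged if alert.severity in PAGE_ON else queued).append(alert)
    return paged, queued, stats


def run_demo():
    return route(SAMPLE_EVENTS)


if __name__ == "__main__":
    paged, queued, stats = run_demo()
    for a in paged:
        print(f"PAGE  {a.severity:8} {a.source:16} {a.message}")
    for a in queued:
        print(f"QUEUE {a.severity:8} {a.source:16} {a.message} (+{a.suppressed} suppressed)")
    print(stats)
```

Of the thirteen constructed events, five never leave their source, the three RDP denies inside five minutes collapse into one Low alert in the analyst queue, the deny at 10:06 opens a fresh alert because the window is measured from the first one, and only the Snort hit, the Domain Admins change and the EDR detection page anyone. A production SIEM would key de-duplication on more than source and class (source IP, user, rule ID) and would still index the Low and Medium alerts for hunting; the threshold only controls who gets woken up.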


Liked this PBQ? There are 80+ more inside.

Sign up free to take full timed exams with mixed MCQs and all 6 PBQ types — across 10 CompTIA and Cisco certifications.