Deployed LogRhythm SIEM. Included 2 instances of LogRhythm Network Monitor. FIM enabled.
Lessons learned:
* updated asset database including application owners
* security access to critical network and server devices to avoid resource limitations
* ensure logging is enabled on log sources
* install solution nearest the assets being monitored
* understanding of the IP scheme and naming conventions used in the organization