ASM fine-tuning using logs in syslog/siem
Hi, I wanted to ask, based on current config the ASM unable to hold the incident/case id more than few days. a) Anyway we can increase the box disk space ? b) If we use siem/syslog server to point out these logs, how difficult to search back per rule/policy and fine tuning it back? As we aware the build-in case/security log is quite good as it has learn feature along with signature references..