Best Practices

Recommendations for optimal security and performance

Security Configuration

Agent Deployment

  • Deploy agents on all critical infrastructure
  • Use dedicated service accounts with minimal permissions
  • Enable TLS encryption for agent communication
  • Regularly update agent versions
  • Monitor agent health and connectivity

Detection Rules

  • Start with pre-built rule templates
  • Customize rules for your environment
  • Test rules in monitoring mode first
  • Review and tune rules monthly
  • Document custom rule logic
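The "monitoring mode first" and "document custom rule logic" items are easiest to see with a concrete rule evaluation. The following is an added example, not code from the original page or from the product's own rule engine: a minimal rule set evaluated over constructed sample log lines, where a rule in "monitor" mode only counts its matches (so you can judge the noise level) and a rule in "alert" mode actually produces alerts. The rule names, patterns, log lines and the Rule/Result classes are all assumptions made for the example.

```python
"""Added example: dry-run detection rules in monitor mode before enabling alerts.
Not part of the original documentation; all rules and log lines are constructed."""
import re
from collections import Counter
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    severity: str
    mode: str = "monitor"   # "monitor": count matches only; "alert": raise alerts
    notes: str = ""         # documented rule logic (why it exists, known false positives)


@dataclass
class Result:
    matches: Counter = field(default_factory=Counter)  # rule name -> match count
    alerts: list = field(default_factory=list)         # (rule, severity, line)


def evaluate(rules, log_lines):
    """Run every rule over every line. Matches are always counted; only rules
    in 'alert' mode contribute to result.alerts."""
    result = Result()
    for line in log_lines:
        for rule in rules:
            if rule.pattern.search(line):
                result.matches[rule.name] += 1
                if rule.mode == "alert":
                    result.alerts.append((rule.name, rule.severity, line))
    return result


def promote(rule):
    """Switch a tuned rule from monitor mode to alert mode (returns a new Rule)."""
    return replace(rule, mode="alert")


# Constructed rules (hypothetical names and patterns).
RULES = [
    Rule("ssh_failed_login", re.compile(r"Failed password for"), "medium",
         mode="monitor",
         notes="New rule; run in monitor mode to measure volume before alerting."),
    Rule("sudo_command", re.compile(r"sudo: .*COMMAND="), "low",
         mode="alert",
         notes="Tuned last month; expected a handful of matches per day."),
]

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 52211 ssh2",
    "2024-05-01T10:00:03 sshd[1201]: Failed password for root from 203.0.113.7 port 52213 ssh2",
    "2024-05-01T10:00:05 sshd[1202]: Accepted publickey for deploy from 198.51.100.4 port 40122 ssh2",
    "2024-05-01T10:01:10 sudo: deploy : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart app",
    "2024-05-01T10:02:30 sshd[1203]: Failed password for root from 203.0.113.7 port 52220 ssh2",
]


if __name__ == "__main__":
    res = evaluate(RULES, SAMPLE_LOGS)
    for rule in RULES:
        print(f"{rule.name:18} mode={rule.mode:8} matches={res.matches[rule.name]}")
    print(f"alerts raised: {len(res.alerts)}")
    # Once the match rate looks sane, promote the monitored rule:
    tuned = [promote(r) if r.name == "ssh_failed_login" else r for r in RULES]
    print(f"alerts after promotion: {len(evaluate(tuned, SAMPLE_LOGS).alerts)}")
```

The match counter is what you review during the monitoring period: a rule that fires on every line of a busy source needs narrowing before it is promoted, and the notes field is where that tuning history belongs.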

Performance Optimization

Resource Management

  • Set appropriate scan intervals (60-300 seconds)
  • Use agent groups for similar systems
  • Enable log compression for high-volume sources
  • Archive old incidents after 90 days
  • Monitor database size and performance

Alert Fatigue Prevention

  • Set severity thresholds appropriately
  • Use alert aggregation for similar events
  • Implement quiet hours for non-critical alerts
  • Review and disable noisy rules
  • Use automated response for common issues
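Three of the items above (severity thresholds, aggregation of similar events, and quiet hours for non-critical alerts) can be expressed as one small policy applied to an alert stream. The block below is an added example, not code from the original page or from the product: it runs a constructed set of alerts through such a policy and reports what was notified, what was aggregated, and what was held back and why. The Alert and Policy classes, the hostnames and rule names, and the default window and quiet-hour values are assumptions chosen for the example.

```python
"""Added example: severity threshold, aggregation window and quiet hours applied
to a constructed alert stream. Not part of the original documentation."""
from dataclasses import dataclass
from datetime import datetime, timedelta

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    rule: str
    severity: str


@dataclass
class Policy:
    min_severity: str = "medium"             # drop anything below this
    window: timedelta = timedelta(minutes=5)  # aggregate same host+rule within this span
    quiet_start: int = 22                     # quiet hours begin (hour, inclusive)
    quiet_end: int = 7                        # quiet hours end (hour, exclusive)
    quiet_exempt: str = "critical"            # this severity and above ignore quiet hours


def in_quiet_hours(ts, policy):
    """True when ts falls inside the quiet window; the window may wrap midnight."""
    h = ts.hour
    if policy.quiet_start < policy.quiet_end:
        return policy.quiet_start <= h < policy.quiet_end
    return h >= policy.quiet_start or h < policy.quiet_end


def process(alerts, policy):
    """Return (notifications, held). Each notification carries the first alert of
    a group and how many similar alerts were folded into it; held items carry a
    reason so they can still be reviewed later."""
    notifications, held = [], []
    open_groups = {}  # (host, rule) -> index of the current notification
    for a in sorted(alerts, key=lambda x: x.ts):
        if SEVERITY_RANK[a.severity] < SEVERITY_RANK[policy.min_severity]:
            held.append((a, "below threshold"))
            continue
        if (in_quiet_hours(a.ts, policy)
                and SEVERITY_RANK[a.severity] < SEVERITY_RANK[policy.quiet_exempt]):
            held.append((a, "quiet hours"))
            continue
        key = (a.host, a.rule)
        idx = open_groups.get(key)
        if idx is not None and a.ts - notifications[idx]["first"].ts <= policy.window:
            notifications[idx]["count"] += 1   # same host and rule, inside the window
            continue
        notifications.append({"first": a, "count": 1})
        open_groups[key] = len(notifications) - 1
    return notifications, held


# Constructed sample alerts (hypothetical hosts and rule names).
SAMPLE_ALERTS = [
    Alert(datetime(2024, 5, 1, 14, 0, 0), "web-01", "ssh_failed_login", "medium"),
    Alert(datetime(2024, 5, 1, 14, 0, 30), "web-01", "ssh_failed_login", "medium"),
    Alert(datetime(2024, 5, 1, 14, 3, 0), "web-01", "ssh_failed_login", "medium"),
    Alert(datetime(2024, 5, 1, 14, 1, 0), "db-01", "disk_usage", "low"),
    Alert(datetime(2024, 5, 1, 23, 15, 0), "web-02", "config_change", "high"),
    Alert(datetime(2024, 5, 1, 23, 20, 0), "web-02", "malware_detected", "critical"),
    Alert(datetime(2024, 5, 1, 14, 9, 0), "web-01", "ssh_failed_login", "medium"),
]


if __name__ == "__main__":
    notifs, held = process(SAMPLE_ALERTS, Policy())
    for n in notifs:
        a = n["first"]
        print(f"NOTIFY {a.ts:%H:%M} {a.host} {a.rule} [{a.severity}] x{n['count']}")
    for a, why in held:
        print(f"HELD   {a.ts:%H:%M} {a.host} {a.rule} [{a.severity}] ({why})")
```

With the defaults, the three medium alerts from web-01 inside five minutes collapse into one notification, the fourth one nine minutes later starts a new group, the low-severity disk alert and the high-severity change at 23:15 are held with a reason, and the critical detection at 23:20 bypasses quiet hours. Keeping the held list (rather than discarding those alerts) is what lets the monthly rule review see what the policy is hiding.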

Team Collaboration

Incident Response

  • Define clear escalation procedures
  • Assign incidents to specific team members
  • Document resolution steps
  • Conduct post-incident reviews
  • Maintain runbooks for common scenarios

Access Control

  • Use role-based access control (RBAC)
  • Follow the principle of least privilege
  • Enable multi-factor authentication
  • Review user permissions quarterly
  • Audit access logs regularly

Compliance & Auditing

Chilean Law 21.459 Compliance

  • Enable comprehensive audit logging
  • Implement data retention policies
  • Document security controls
  • Conduct regular security assessments
  • Maintain incident response documentation

Continuous Improvement

  • Review security metrics weekly
  • Track mean time to detect (MTTD)
  • Measure mean time to respond (MTTR)
  • Conduct quarterly security reviews
  • Stay updated on threat intelligence