When collecting events from devices is best practice to check and analyse the events and limit the amount sent to the ESM to save Bandwidth and improve Performance. Only collect the events that are actually useful for analysis in your environment and discard any other events that are not necessary to your organisation, you do not want to really collect all and everything just for the sake of it, but you want to collect only information that make sense to have for investigation. Having said that, for compliance you may need to collect ALL events, in that case I would suggest using our Logger software for storing all the events and the ESM for analysis (and in that case filter out wat is not really needed).

Find below some useful information and KB articles to assist:

