I'm really curious to see what others have done to cut down the amount of unnecessary noise that LEM is pulling in? I've just started to do a thorough review of what we really need to capture. I know that having well-defined local or domain audit policies on the systems reporting to LEM is probably a better approach, but not always...and sometimes we gotta work with what we got!
So - what have you all done to your Event Distribution Policy to cut down the noise? Let's all keep in mind that every environment is different and not everything will help everyone equally, or at all.