ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Security Information Event Management (SIEM)

    Scheduled Pinned Locked Moved IT Discussion
    32 Posts 13 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dbeatoD
      dbeato @JasGot
      last edited by

      @JasGot Make sure you go directly with them as opposed as a vendor. The reporting is kinda hard as you have to always request it instead of readily accessible to you.

      J 1 Reply Last reply Reply Quote 0
      • nadnerBN
        nadnerB
        last edited by

        Rapid 7 is worth a look.

        1 Reply Last reply Reply Quote 0
        • J
          JasGot @dbeato
          last edited by

          @dbeato said in Security Information Event Management (SIEM):

          @JasGot Make sure you go directly with them as opposed as a vendor. The reporting is kinda hard as you have to always request it instead of readily accessible to you.

          Do you mean instead of through a vendor? I'm looking into this for one of our customers. I thought I would set them up directly rather than becoming a reseller or partner myself. It's our first go, and I don't think I want to get too involved.

          Is this what you meant?

          dbeatoD 1 Reply Last reply Reply Quote 0
          • ObsolesceO
            Obsolesce @JasGot
            last edited by Obsolesce

            @JasGot said in Security Information Event Management (SIEM):

            Anyone able to recommend a Security Information Event Management (SIEM) vendor?

            Azure Sentinel works well. I have been using that for some things at work, growing into it slowly. It's SIEM / SOAR.

            1 Reply Last reply Reply Quote 0
            • J
              Jimmy9008
              last edited by

              We use Dell SecureWorks MDR. Has been good so far. We get quarterly meetings and whenever anything questionable is seen in logs/scans/user usage, we are contacted.

              1 Reply Last reply Reply Quote 0
              • IRJI
                IRJ
                last edited by

                I'm surprised nobody has mentioned elastic yet.

                There's an open source version and a free version (more features).

                JaredBuschJ 1 Reply Last reply Reply Quote 1
                • dafyreD
                  dafyre
                  last edited by

                  Alienvault (Paid) / OSSIM (Free). We use the paid version here. It's a bit cumbersome to work with, but gives a lot of good details IMO.

                  1 Reply Last reply Reply Quote 1
                  • JaredBuschJ
                    JaredBusch @IRJ
                    last edited by

                    @IRJ said in Security Information Event Management (SIEM):

                    I'm surprised nobody has mentioned elastic yet.

                    There's an open source version and a free version (more features).

                    I did not mention it intentionally.

                    Because it is too complex to use as a SEIM unless you already know a lot about it.

                    hobbit666H IRJI 2 Replies Last reply Reply Quote 1
                    • hobbit666H
                      hobbit666 @JaredBusch
                      last edited by

                      @JaredBusch said in Security Information Event Management (SIEM):

                      Because it is too complex to use as a SEIM unless you already know a lot about it.

                      Agreed, i've been looking at it for checking over logs from all our servers. But one minutes it's workign fine then boom errors all over the place 😄 . So need to look for a new system myself for this and log management

                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                      • dbeatoD
                        dbeato @JasGot
                        last edited by

                        @JasGot Yes, that is what I meant.

                        1 Reply Last reply Reply Quote 0
                        • J
                          JasGot
                          last edited by

                          Wow! What an excellent response!
                          Thank you to everyone. I'll start exploring these and report back.

                          1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @hobbit666
                            last edited by

                            @hobbit666 said in Security Information Event Management (SIEM):

                            But one minutes it's workign fine then boom errors all over the place

                            This is not because Elastic is bad, it is because it is complex. Which is why it is a poor solution for people like @JasGot

                            Unless a person has the time to really learn elastic and how to do things well, it jsut turns into a mess.

                            J hobbit666H 2 Replies Last reply Reply Quote 1
                            • IRJI
                              IRJ @JaredBusch
                              last edited by IRJ

                              @JaredBusch said in Security Information Event Management (SIEM):

                              @IRJ said in Security Information Event Management (SIEM):

                              I'm surprised nobody has mentioned elastic yet.

                              There's an open source version and a free version (more features).

                              I did not mention it intentionally.

                              Because it is too complex to use as a SEIM unless you already know a lot about it.

                              Elastic basic (free) is pretty simple. Open Source version requires a bit more knowledge and integration

                              JaredBuschJ 1 Reply Last reply Reply Quote 0
                              • IRJI
                                IRJ
                                last edited by IRJ

                                https://www.elastic.co/subscriptions

                                https://www.elastic.co/blog/security-for-elasticsearch-is-now-free

                                1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @IRJ
                                  last edited by

                                  @IRJ said in Security Information Event Management (SIEM):

                                  @JaredBusch said in Security Information Event Management (SIEM):

                                  @IRJ said in Security Information Event Management (SIEM):

                                  I'm surprised nobody has mentioned elastic yet.

                                  There's an open source version and a free version (more features).

                                  I did not mention it intentionally.

                                  Because it is too complex to use as a SEIM unless you already know a lot about it.

                                  Elastic basic (free) is pretty simple. Open Source version requires a bit more knowledge and integration

                                  Setting up Elastic to ingest some basic logs? Simple. Setting up a SEIM with Elastic? Not so much.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 2
                                  • J
                                    JasGot @JaredBusch
                                    last edited by

                                    @JaredBusch said in Security Information Event Management (SIEM):

                                    This is not because Elastic is bad, it is because it is complex. Which is why it is a poor solution for people like @JasGot
                                    Unless a person has the time to really learn elastic and how to do things well, it jsut turns into a mess.

                                    Yea, I'm not in the mood to learn something that complex for a one off.

                                    1 Reply Last reply Reply Quote 1
                                    • scottalanmillerS
                                      scottalanmiller @JaredBusch
                                      last edited by

                                      @JaredBusch said in Security Information Event Management (SIEM):

                                      @IRJ said in Security Information Event Management (SIEM):

                                      @JaredBusch said in Security Information Event Management (SIEM):

                                      @IRJ said in Security Information Event Management (SIEM):

                                      I'm surprised nobody has mentioned elastic yet.

                                      There's an open source version and a free version (more features).

                                      I did not mention it intentionally.

                                      Because it is too complex to use as a SEIM unless you already know a lot about it.

                                      Elastic basic (free) is pretty simple. Open Source version requires a bit more knowledge and integration

                                      Setting up Elastic to ingest some basic logs? Simple. Setting up a SEIM with Elastic? Not so much.

                                      This. As straight log management, it's some effort, but like, half a day tops. SEIM with it, though, is an undertaking on top of that.

                                      1 Reply Last reply Reply Quote 1
                                      • hobbit666H
                                        hobbit666 @JaredBusch
                                        last edited by

                                        @JaredBusch said in Security Information Event Management (SIEM):

                                        This is not because Elastic is bad, it is because it is complex.

                                        Agreed, it's a beast of a system.
                                        The SIEM part requires a "Basic" license, but seems to be around $200 / year.

                                        1 Reply Last reply Reply Quote 0
                                        • hobbit666H
                                          hobbit666
                                          last edited by

                                          What pricing are we looking at for other solution like
                                          Arctic Wolf?
                                          Rapid 7?
                                          Azure Sential?

                                          (Hate companies that don't show pricing, as if they are in £££££ range, the demo wont be install or tried.)

                                          1 dbeatoD 2 Replies Last reply Reply Quote 0
                                          • 1
                                            1337 @hobbit666
                                            last edited by 1337

                                            @hobbit666 said in Security Information Event Management (SIEM):

                                            Hate companies that don't show pricing, as if they are in £££££ range, the demo wont be install or tried.

                                            They don't understand that they are losing business. They think they are getting leads into their sales funnel by not giving the price and forcing people to contact them. In reality some of their leads are actually dropping out, because they wont state their price.

                                            A simple "from $xyz per month" would suffice.

                                            DashrenderD 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post