Security Basics mailing list archives

Re: AlienVault SIEM


From: krymson () gmail com
Date: Thu, 22 Sep 2011 14:23:32 GMT

I haven't used AlienVault, but I have used LogRhythm.

When you do check out a SIEM option, make sure you get past the bragging about how easy XYZ is to deploy. That's always 
going to be easy. Your real time sink will be in ongoing management, where you'll have 3 general questions:

- How elegantly and easily does it manage all the events that come in, 99% of which will be false positives? Think 
about spending 2 hours a day in front of the device for the next two years, and try to reveal which devices will be 
frustrating and which will be truly helpful. You don't have to spend that time, but pretend you do...

- How quickly and completely are new popular log formats implemented officially? I.e., if a new Cisco product comes out 
with a specific log structure, how long will the vendor take to support that?

- For all other logs such as custom logs for your applications and one-offs, how easy is it for *you* to create 
rudimentary parsing rules so you can digest those logs?

These are your major challenges after the first week of a SIEM rollout.


<- snip ->
Hi All,
I am currently doing my research regarding Security Information Event Manager (SIEM). I just found out about AlienVault SIEM. 
Does anyone have experience using this product? And any suggestions for a SIEM product? Thanks.

