Educause Security Discussion mailing list archives
Re: SIEM
From: Aaron Sigmon <asigmon.cpcc () GMAIL COM>
Date: Fri, 29 Apr 2011 09:18:17 -0400
We've been using OSSEC and have been pretty impressed. It's free and open source. Also, the active response feature is nice if you have a lot of Linux servers in your environment. You can check it out at www.ossec.net.

On Fri, Apr 29, 2011 at 8:21 AM, Pratt, Benjamin E. <bepratt () stcloudstate edu> wrote:
We had a project where we evaluated SIEM products a couple of years ago and chose to go with a product from LogRhythm. With the little that I’ve played with it the product seems to have some nice built-in reporting and the ability to do a fair amount of customization. Unfortunately, as is the issue with many of our security projects on campus, the backing of resources has not followed the initial investment of time. I guess my big take-away is that it doesn’t matter if logs are on separate systems or if they are all on the same system if nobody is looking at them.

Ben

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob Milman
Sent: Thursday, April 28, 2011 4:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SIEM

Hi all,

I’ve been asked to evaluate products in order to implement a SIEM solution for our core infrastructure. What, if any, SIEM solutions are working for you? Is anyone using OSSIM by AlienVault?

Thanks,
Rob
Security and Compliance Analyst, Information Systems, SAIT Polytechnic
1301 - 16 Avenue NW, Calgary, Alberta, Canada T2M 0L4
Ph (403) 210.4229, Cell (403) 606.3173, Fax (403) 284-8811
http://www.sait.ca
--
Thanks,
Aaron Sigmon
Information Systems Analyst III
ITS - Information Technology Services
Central Piedmont Community College
Office: 704-330-6141
Mobile: 704-363-7577