Re: SIEM

[Aaron Sigmon <asigmon.cpcc () GMAIL COM>]

We've been using OSSEC and have been pretty impressed.  It's free and
open source.  Also, the active response feature is nice if you have a
lot of Linux servers in your environment.  You can check it out at
www.ossec.net.

On Fri, Apr 29, 2011 at 8:21 AM, Pratt, Benjamin E.
<bepratt () stcloudstate edu> wrote:
> We had a project where we evaluated SIEM products a couple of years ago and
> chose to go with a product from LogRhythm. With the little that I’ve played
> with it the product seems to have some nice built-in reporting and the
> ability to do a fair amount of customization. Unfortunately, as is the issue
> with many of our security projects on campus, the backing of resources has
> not followed the initial investment of time. I guess my big take-away is
> that it doesn’t matter if logs are on separate systems or if they are all on
> the same system if nobody is looking at them.
>
>
>
> Ben
>
>
>
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob Milman
> Sent: Thursday, April 28, 2011 4:23 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] SIEM
>
>
>
> Hi all,
>
>
>
> I’ve been asked to evaluate products in order to implement a SIEM solution
> for our core infrastructure. What, if any, SIEM solutions are working for
> you? Is anyone using OSSIM by alienvault?
>
>
>
> Thanks,
>
>
>
> Rob
>
>
>
> Security and Compliance Analyst, Information Systems, SAIT Polytechnic
>
> 1301 - 16 Avenue NW, Calgary, Alberta, Canada  T2M 0L4
>
> Ph (403) 210.4229, Cell (403) 606.3173, Fax (403) 284-8811
>
> http://www.sait.ca



-- 
Thanks,

Aaron Sigmon
Information Systems Analyst III
ITS - Information Technology Services
Central Piedmont Community College
Office:  704-330-6141
Mobile:  704-363-7577