Educause Security Discussion mailing list archives

Re: SIEM


From: "James R. Pardonek" <pardonjr () PURDUECAL EDU>
Date: Fri, 29 Apr 2011 11:03:56 -0500

We have been using the SIEM product from Enterasys Networks.  We have the same issues with log review; the appliance 
has a fairly good reporting feature set, so we made a determination of what log entries were important for us to 
review.  The SIEM pulls them into a report and emails it to the appropriate technical group.  Saves a lot of time and 
passed our IA scrutiny.

Jim

Please let me know if there is anything additional I can assist you with to ensure the service you received today has 
been excellent. 

James R. Pardonek, CISSP CEH CPT
Assistant Director for Information Security and Assurance
Information Services
Purdue University Calumet
Hammond, Indiana
P: (219)989-2745

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron 
Sigmon
Sent: Friday, April 29, 2011 8:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM

We've been using OSSEC and have been pretty impressed.  It's free and open source.  Also, the active response feature 
is nice if you have a lot of Linux servers in your environment.  You can check it out at www.ossec.net.

On Fri, Apr 29, 2011 at 8:21 AM, Pratt, Benjamin E.
<bepratt () stcloudstate edu> wrote:
We had a project where we evaluated SIEM products a couple of years 
ago and chose to go with a product from LogRhythm. With the little 
that I've played with it the product seems to have some nice built-in 
reporting and the ability to do a fair amount of customization. 
Unfortunately, as is the issue with many of our security projects on 
campus, the backing of resources has not followed the initial 
investment of time. I guess my big take-away is that it doesn't matter 
if logs are on separate systems or if they are all on the same system if nobody is looking at them.

Ben

From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob Milman
Sent: Thursday, April 28, 2011 4:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SIEM

Hi all,

I've been asked to evaluate products in order to implement a SIEM 
solution for our core infrastructure. What, if any, SIEM solutions are 
working for you? Is anyone using OSSIM by alienvault?

Thanks,

Rob

Security and Compliance Analyst, Information Systems, SAIT Polytechnic

1301 - 16 Avenue NW, Calgary, Alberta, Canada  T2M 0L4

Ph (403) 210.4229, Cell (403) 606.3173, Fax (403) 284-8811

http://www.sait.ca

--
Thanks,

Aaron Sigmon
Information Systems Analyst III
ITS - Information Technology Services
Central Piedmont Community College
Office:  704-330-6141
Mobile:  704-363-7577


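Jim's workflow above (decide which log entries matter, have the SIEM pull them into a report, and email that report to the group that owns the system) is the part of the thread a practitioner can actually reproduce without any particular product. The script below is an added illustration and is not code from Enterasys, OSSEC, LogRhythm or any poster on this thread; the log lines, the review rules and the group names are all constructed for the example, and the rule set is the kind of thing each site has to decide for itself.

```python
import re
from collections import defaultdict

# Constructed syslog-style sample lines; hosts, users and addresses are made up.
SAMPLE_LOGS = """\
Apr 29 08:01:12 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Apr 29 08:01:15 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51023 ssh2
Apr 29 08:01:18 web01 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51024 ssh2
Apr 29 08:02:40 web01 sshd[2230]: Accepted publickey for deploy from 198.51.100.5 port 40100 ssh2
Apr 29 08:05:03 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Apr 29 08:06:10 db01 CRON[4102]: (root) CMD (run-parts /etc/cron.hourly)
Apr 29 08:07:55 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=3389
Apr 29 08:09:21 web01 useradd[2300]: new user: name=svc_backup, UID=1005, GID=1005, home=/home/svc_backup
"""

# Review rules (constructed): which entries are worth a human's time and which
# group should receive them. Each rule is (name, compiled regex, owning group).
RULES = [
    ("ssh_auth_failure", re.compile(r"sshd\[\d+\]: Failed password"), "unix-admins"),
    ("sudo_to_root",     re.compile(r"sudo:.*USER=root"),             "unix-admins"),
    ("new_local_user",   re.compile(r"useradd\[\d+\]: new user"),     "security"),
    ("firewall_drop",    re.compile(r"kernel: DROP "),                 "network"),
]

# Timestamp, host, free-text message; the usual BSD syslog line shape.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def parse_line(line):
    """Split one syslog line into its fields, or return None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.groupdict()


def triage(log_text, rules=RULES):
    """Return {group: [(rule_name, host, ts, msg), ...]} for lines matching any rule.

    Lines that match no rule (routine logins, cron) are dropped: that is the
    'decide what is important' step, done once in the rule table rather than
    by a person reading every line.
    """
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        for name, pattern, group in rules:
            if pattern.search(rec["msg"]):
                findings[group].append((name, rec["host"], rec["ts"], rec["msg"]))
                break  # first matching rule decides the owning group
    return dict(findings)


def summarize(findings):
    """Count repeated events per (group, rule, host) so a burst reads as one item."""
    counts = defaultdict(int)
    for group, entries in findings.items():
        for name, host, _ts, _msg in entries:
            counts[(group, name, host)] += 1
    return dict(counts)


def render_report(group, findings):
    """Plain-text body of the per-group report; the SIEM's email step would send this."""
    entries = findings.get(group, [])
    lines = [f"Daily log review for {group}: {len(entries)} entries"]
    for name, host, ts, msg in entries:
        lines.append(f"[{name}] {ts} {host}: {msg}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOGS)
    for group in sorted(found):
        print(render_report(group, found))
        print()
    for key, n in sorted(summarize(found).items()):
        print(key, n)
```

Two design points carry over to a real deployment. The rule table is the only place "important" is defined, so a review of the rules is a review of what the team actually looks at, which addresses Ben's concern that nobody reads the logs. And the summary step matters: three failed logins from one address should reach the admins as one line with a count, or the reports grow until they are ignored just like the raw logs were.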