Educause Security Discussion mailing list archives
Re: *EXT* Re: [SECURITY] SIEM Tools
From: "Kingsley, Gene" <GKingsley () UMASSP EDU>
Date: Mon, 22 Jan 2018 14:26:40 +0000
+ 1 for LogRhythm. From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Velislav K Pavlov <VelislavPavlov () FERRIS EDU> Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Monday, January 22, 2018 at 8:43 AM To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] *EXT* Re: [SECURITY] SIEM Tools +1 for LogRhythm From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Seth A. Shestack Sent: Monday, January 22, 2018 7:05 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: *EXT* Re: [SECURITY] SIEM Tools WE are currently using LogRhythm and are extremely happy. We also did a POC of Splunk which seemed very good, however we felt that Splunk would require a larger team to manage since it required more programming and LogRhythm had many of these correlation rules built out of the box. A further caution, I am not sure of your log volume but we started with a smaller system (Trigeo which was bought out by Solarwinds) and found that we outgrew it because it couldn’t scale. Make sure whatever system you buy will scale to any future needs. Seth From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David D Grisham Sent: Saturday, January 20, 2018 11:31 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] SIEM Tools We are using Splunk and it is a very versatile tool. Cheers.-grish David Grisham David Grisham, PhD, CISM, CRISC 933 Bradbury Drive SE, Suite 3131 Manager, Cybersecurity, UNM Hospitals, UNM Health Science Center 505.272.5657 my email Dgrisham () salud UNM edu<mailto:Dgrisham () salud UNM edu> DO NOT provide your username, password, or any personal information in any email. UNMH WILL NEVER ask you for your username or password via email. DO NOT CLICK links or attachments unless you are positive the content is safe. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of WALTER KERNER Sent: Friday, January 19, 2018 10:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] SIEM Tools Hi Michael. We have had good luck with Alert Logic. It combines log analysis and IDS functions and has been very valuable. On Fri, Jan 19, 2018 at 9:48 PM Madl, Michael <michael.madl () indwes edu<mailto:michael.madl () indwes edu>> wrote: I am currently reviewing several SIEM products [QRadar, Alien Vault, Log Rhythm etc.]. Can anyone share any success stories with the product they are utilizing. I have utilized Alien Vault in the past and the correlation functionality is pretty good. Threat detection is also done well. Gartner has been a great tool for review but wondering if anyone had any strong feelings/experiences with certain tools. Thank you in advance, MICHAEL MADL INFORMATION SECURITY OFFICER UNIVERSITY INFORMATION TECHNOLOGY INDIANA WESLEYAN UNIVERSITY 4201 SOUTH WASHINGTON STREET<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaps.google.com%2F%3Fq%3D4201%2BSOUTH%2BWASHINGTON%2BSTREET%250D%2BMARION%2C%2BIN%2B46953%250D%2B%25C2%25A0%250D%2B765%26entry%3Dgmail%26source%3Dg&data=02%7C01%7CVelislavPavlov%40ferris.edu%7Cec76183d7e4c4e8e2c7e08d56191ce74%7C64b0362e85c04e95a4ce5651d96cb739%7C1%7C1%7C636522201240013956&sdata=y8K9%2F3pwJG5jqPRAV1HRHT8XvQ73o%2BK9Y2sDRO0qI9M%3D&reserved=0> MARION, IN 46953<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaps.google.com%2F%3Fq%3D4201%2BSOUTH%2BWASHINGTON%2BSTREET%250D%2BMARION%2C%2BIN%2B46953%250D%2B%25C2%25A0%250D%2B765%26entry%3Dgmail%26source%3Dg&data=02%7C01%7CVelislavPavlov%40ferris.edu%7Cec76183d7e4c4e8e2c7e08d56191ce74%7C64b0362e85c04e95a4ce5651d96cb739%7C1%7C1%7C636522201240170205&sdata=iXk80Q9F2DtNx46HfEOsXEgJK47xz64cOr%2BWBhj8V58%3D&reserved=0> 765<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaps.google.com%2F%3Fq%3D4201%2BSOUTH%2BWASHINGTON%2BSTREET%250D%2BMARION%2C%2BIN%2B46953%250D%2B%25C2%25A0%250D%2B765%26entry%3Dgmail%26source%3Dg&data=02%7C01%7CVelislavPavlov%40ferris.edu%7Cec76183d7e4c4e8e2c7e08d56191ce74%7C64b0362e85c04e95a4ce5651d96cb739%7C1%7C1%7C636522201240170205&sdata=iXk80Q9F2DtNx46HfEOsXEgJK47xz64cOr%2BWBhj8V58%3D&reserved=0>.677.2688 | 765.677.2020 FAX michael.madl () indwes edu<mailto:mike.madl () indwes edu> INDWES.EDU/IT<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Findwes.edu%2FIT&data=02%7C01%7CVelislavPavlov%40ferris.edu%7Cec76183d7e4c4e8e2c7e08d56191ce74%7C64b0362e85c04e95a4ce5651d96cb739%7C1%7C1%7C636522201240170205&sdata=mdwO%2Bsnu2rTdhxAfW2YVI9gufHP8ugcHtVXB7MfvODY%3D&reserved=0> [cid:image001.jpg@01D3436E.D1E0F1C0] CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information. If you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this information. If you have received this email in error, please notify the sender by replying to this message and immediately delete this message. -- Walter Kerner AVP and CISO Fashion Institute of Technology **Notice** This message is from a sender outside of the Ferris Office 365 mail system. Use caution when clicking links or opening attachments. For assistance determining if this email is safe, please contact TAC. ________________________________
Current thread:
- Re: *EXT* Re: [SECURITY] SIEM Tools Kingsley, Gene (Jan 22)