Educause Security Discussion mailing list archives
Re: Open source SIEM
From: Max McGrath <mmcgrath () CARTHAGE EDU>
Date: Tue, 11 Feb 2020 14:47:03 -0600
Zepu -

Take a look at Security Onion (it has ELK built into it). I've been very happy with it, but to do it right, it requires some pretty beefy hardware. We also ended up getting hours with Security Onion Solutions to get a jump start on having it properly set up. They are also currently working on the next revision of Security Onion (Hybrid Hunter), which will have TheHive and Kolide Fleet (for osquery) built into it.

Max

--
Max McGrath <http://www.linkedin.com/in/max-mcgrath-a299124b>
Infrastructure and Security Manager
Carthage College
262-551-6666
mmcgrath () carthage edu

On Tue, Feb 11, 2020 at 12:49 PM Zepu Chen <zepu.chen () denison edu> wrote:
Good Afternoon,

We are researching the possibility of implementing an open-source SIEM solution at our University. The project we are currently reviewing is MozDef from Mozilla. Does anyone currently have MozDef or another open-source SIEM implemented in your environment? How has the implementation and operations experience been so far? We are interested in seeing what other schools are doing. We would greatly appreciate it if you would be kind enough to share any pitfalls, constraints and roadblocks as well as implementation recommendations.

Thanks,

Denison University <https://denison.edu/>
Zepu Chen
Systems & Security Administrator
Information Technology Services
Office: 740-587-5307
zepu.chen () denison edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Open source SIEM Zepu Chen (Feb 11)
- Re: Open source SIEM Cleary, Kevin (Feb 11)
- Re: Open source SIEM Rogers, Zach (Feb 11)
- Re: Open source SIEM Max McGrath (Feb 11)
- Re: Open source SIEM Kevin Wilcox (Feb 11)
- Re: Open source SIEM Kimmitt, Jonathan (Feb 11)
- Re: Open source SIEM David Eilken (Feb 12)
- Re: Open source SIEM Powell, Andy (Feb 12)
- Re: Open source SIEM Nevin, Dave (Feb 12)
- Re: Open source SIEM David Eilken (Feb 12)