Educause Security Discussion mailing list archives
Re: Centralized Log Management
From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Fri, 5 Feb 2021 18:37:37 +0000
May I ask a few questions...

1. What do you use for operations vs security logging?
2. Do you have staff working on the system now? How many?
3. Are you looking for more of a cloud-based SOC model now? More of a cloud-based SIEM with better support?

We are evaluating Greenbone product with NNT (https://www.newnettechnologies.com/products.html). Their support has been very helpful. They have two products in the SIEM/logging arena, but we have not looked at them yet.

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Petrus Williams <PWilliams () GETTY EDU>
Sent: Friday, February 5, 2021 12:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Centralized Log Management

The Getty uses AlienVault for centralized log monitoring/management. These are mostly security event logs from multiple infrastructure components (servers, firewall, switches etc.). The platform is unwieldy and ready to be retired. I'd like to move this function to the cloud and have the monitoring tasks outsourced to a vendor. Any recommendations on platforms and a cost-effective organization that we can outsource these logging and monitoring tasks to would be appreciated.

Thanks

Petrus Williams
Assistant Director
GDI Infrastructure & Operations
J. Paul Getty Trust
Phone: 310-440-6397

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community