Educause Security Discussion mailing list archives

Re: SIEM

From: "Pratt, Benjamin E." <bepratt () STCLOUDSTATE EDU>
Date: Fri, 29 Apr 2011 07:21:14 -0500

We had a project where we evaluated SIEM products a couple of years ago and chose to go with a product from LogRhythm. 
With the little that I've played with it the product seems to have some nice built-in reporting and the ability to do a 
fair amount of customization. Unfortunately, as is the issue with many of our security projects on campus, the backing 
of resources has not followed the initial investment of time. I guess my big take-away is that it doesn't matter if 
logs are on separate systems or if they are all on the same system if nobody is looking at them.

Ben

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rob 
Milman
Sent: Thursday, April 28, 2011 4:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SIEM

Hi all,

I've been asked to evaluate products in order to implement a SIEM solution for our core infrastructure. What, if any, 
SIEM solutions are working for you? Is anyone using OSSIM by alienvault?

Thanks,

Rob

Security and Compliance Analyst, Information Systems, SAIT Polytechnic
1301 - 16 Avenue NW, Calgary, Alberta, Canada  T2M 0L4
Ph (403) 210.4229, Cell (403) 606.3173, Fax (403) 284-8811
http://www.sait.ca<http://www.sait.ca/>

Current thread:

SIEM Rob Milman (Apr 28)
- Re: SIEM Matthew Gracie (Apr 28)
- Re: SIEM Pratt, Benjamin E. (Apr 29)
  - Re: SIEM Aaron Sigmon (Apr 29)
    - Re: SIEM James R. Pardonek (Apr 29)
  - Re: SIEM Chris Vakhordjian (Apr 29)
- Re: SIEM Ferris, Joe (Apr 29)
  - Re: SIEM King, Ronald A. (Apr 29)
- Re: SIEM Gibson, Nathan J. (HSC) (Apr 29)