Re: SIEM Solutions

[Shawn Kohrman <skohrman () APU EDU>]

Many thanks to all of you who responded!  I'll keep you posted as we move
forward.

Shawn
-----
Shawn A. Kohrman, Security Architect

Azusa Pacific University
Information & Media Technology
901 E. Alosta Ave., PO Box 7000
Azusa, CA 91702-7000

P:  626.815.2054 | F:  626.815.2061 | http://www.apu.edu/
-----



On Tue, Jun 5, 2012 at 8:52 AM, Paul Hanson <paulh () haas berkeley edu> wrote:

> We're currently evaluating the community edition of Alienvault since it
> supports ossec, syslog, arpwatch, p0f, and snort.  There are a plethora of
> other products it supports but those are the big hitters.  I've heard the
> professional version is leaps and bounds above the free version but haven't
> gotten that far.
>
> In terms of alternatives I've heard good things about
> IBM QRadar (formerly Q1 Labs)
> Tenable Log Correlation Engine
> Solarwinds Log & Event Manager (formerly Trigeo)
>
> Cheers!
> Paul
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Kohrman
> Sent: Monday, June 04, 2012 2:49 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] SIEM Solutions
>
> Hello,
> I am currently working on a proposal for implementing a central logging
> system for our various services/devices.  I was wondering if I should be
> looking for a SIEM solution to consolidate event correlation with log
> management.
>
> I'm curious to know what others have done or are planning in this area.
>
> Shawn
>
> -----
> Shawn A. Kohrman, Security Architect
>
>
> Azusa Pacific University
> Information & Media Technology
> 901 E. Alosta Ave., PO Box 7000
> Azusa, CA 91702-7000
>
> P:  626.815.2054 | F:  626.815.2061 | http://www.apu.edu/
> -----