Educause Security Discussion mailing list archives
Re: SIEM Solutions
From: Shawn Kohrman <skohrman () APU EDU>
Date: Tue, 12 Jun 2012 12:04:58 -0700
Matthew,

Here are the total responses I've received.

Shawn

-----
Shawn A. Kohrman, Security Architect
Azusa Pacific University
Information & Media Technology
901 E. Alosta Ave., PO Box 7000
Azusa, CA 91702-7000
P: 626.815.2054 | F: 626.815.2061 | http://www.apu.edu/
-----

On Wed, Jun 6, 2012 at 8:44 PM, Matthew Hodgett <m.hodgett () qut edu au> wrote:

Shawn,

I was hoping to see some of the responses myself. We have been using a syslog server as a forensic store for many years, and diverting information to a SIEM for live analysis. Both of these systems can also collect data directly that would otherwise be missing. The time is right for us to re-assess our situation, and we are interested to hear what others are doing.

Regards
Matthew

On 06/06/12 09:33, Shawn Kohrman wrote:

Many thanks to all of you who responded! I'll keep you posted as we move forward.

Shawn

On Tue, Jun 5, 2012 at 8:52 AM, Paul Hanson <paulh () haas berkeley edu> wrote:

We're currently evaluating the community edition of Alienvault since it supports ossec, syslog, arpwatch, p0f, and snort. There are a plethora of other products it supports but those are the big hitters. I've heard the professional version is leaps and bounds above the free version but haven't gotten that far.

In terms of alternatives I've heard good things about:
IBM QRadar (formerly Q1 Labs)
Tenable Log Correlation Engine
Solarwinds Log & Event Manager (formerly Trigeo)

Cheers!
Paul

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Kohrman
Sent: Monday, June 04, 2012 2:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SIEM Solutions

Hello,

I am currently working on a proposal for implementing a central logging system for our various services/devices. I was wondering if I should be looking for a SIEM solution to consolidate event correlation with log management. I'm curious to know what others have done or are planning in this area.

Shawn

-------
Matthew Hodgett, MInfTech, CISSP
IT Security Engineer | Queensland University of Technology
Phone: (07) 313 89454 | Fax: (07) 31382921
QUT Classifications, refer MOPP F/1.2.5
CRICOS No. 00213J
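The two-path design Matthew describes (a syslog server kept as a forensic store, with the same events diverted to a SIEM for live analysis) as an added rsyslog configuration example; it is not part of the thread or of any product named in it, and the SIEM hostname, ports and archive paths are assumptions.

```rsyslog
# Constructed example: one collector, two destinations.
# Accept syslog from devices/services over UDP and TCP (port 514 assumed).
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# Path 1: forensic store. Every message, unfiltered, written to a
# per-host, per-day file that the SIEM never touches (path assumed).
template(name="ForensicFile" type="string"
         string="/var/log/forensic/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log")
*.* action(type="omfile" dynaFile="ForensicFile"
           fileCreateMode="0640" dirCreateMode="0750")

# Path 2: live analysis. Forward everything to the SIEM over TCP
# (host assumed) behind a disk-assisted queue, so a SIEM outage
# delays events instead of losing them; the forensic copy above is
# already on disk regardless of the SIEM's state.
*.* action(type="omfwd" target="siem.example.edu" port="514" protocol="tcp"
           queue.type="LinkedList" queue.filename="siemfwd"
           queue.saveOnShutdown="on" action.resumeRetryCount="-1")
```

The forensic files should be shipped or rotated to storage the SIEM's administrators cannot alter, so the two paths stay independent evidence sources.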
Attachment:
Educause Responses - SIEM Solutions.pdf