Educause Security Discussion mailing list archives
Re: SIEM Tools
From: "Bridges, Robert A." <bridgesra () ORNL GOV>
Date: Mon, 22 Jan 2018 15:35:54 +0000
All, I'm a researcher and not an operator, but I interact w/ SOC operators regularly. Splunk ES has gotten bad reviews from the folks I know (that's not to say they don't like/use Splunk). Stucco is an open-source R&D project (less mature) for correlating internal and external data: https://github.com/stucco

--
Robert A. Bridges, PhD
Research Mathematician
Cyber & Information Science Research Group
Oak Ridge National Laboratory

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rob Milman <rob.milman () SAIT CA>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, January 22, 2018 at 10:26 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] SIEM Tools

+1 for Splunk

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Madl, Michael
Sent: Friday, January 19, 2018 7:49 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SIEM Tools

I am currently reviewing several SIEM products [QRadar, Alien Vault, Log Rhythm etc.]. Can anyone share any success stories with the product they are utilizing? I have utilized Alien Vault in the past and the correlation functionality is pretty good. Threat detection is also done well. Gartner has been a great tool for review, but I am wondering if anyone had any strong feelings/experiences with certain tools.

Thank you in advance,

MICHAEL MADL
INFORMATION SECURITY OFFICER
UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 SOUTH WASHINGTON STREET
MARION, IN 46953
765.677.2688 | 765.677.2020 FAX
michael.madl () indwes edu<mailto:mike.madl () indwes edu>
INDWES.EDU/IT<http://indwes.edu/IT>