Educause Security Discussion mailing list archives

Re: SIEM Tools

From: Ramon Rentas <rentas () MACALESTER EDU>
Date: Tue, 23 Jan 2018 02:04:39 +0000

Actually, that’s a good idea.

On Sat, Jan 20, 2018 at 4:09 PM Chad Tracy <chad.tracy () colby edu> wrote:

We are a very small shop and required a tool that would not take a lot of
time to tune and work with. We transitioned from QRadar to SumoLogic.

Chad Tracy
Director of Information Security
Colby College
Waterville, ME 04901
207 . 859 . 4199
chad.tracy () colby edu

On Sat, Jan 20, 2018 at 11:32 AM, David D Grisham <DGrisham () salud unm edu>
wrote:

Also, there's a lot of good information about planning your SOC and
gathering information from SANS SIM course. Cheers.-grish



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Madl, Michael
*Sent:* Friday, January 19, 2018 7:49 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] SIEM Tools



I am currently reviewing several SIEM products [QRadar, Alien Vault, Log
Rhythm etc.].



Can anyone share any success stories with the product they are
utilizing.  I have utilized Alien Vault in the past and the correlation
functionality is pretty good.  Threat detection is also done well.



Gartner has been a great tool for review but wondering if anyone had any
strong feelings/experiences with certain tools.





Thank you in advance,





MICHAEL MADL

INFORMATION SECURITY OFFICER

UNIVERSITY INFORMATION TECHNOLOGY



INDIANA WESLEYAN UNIVERSITY

4201 SOUTH WASHINGTON STREET
<https://maps.google.com/?q=4201+SOUTH+WASHINGTON+STREET%0D+MARION,+IN+46953%0D+%C2%A0%0D+765&entry=gmail&source=g>

<https://maps.google.com/?q=4201+SOUTH+WASHINGTON+STREET____%0D+MARION,+IN+46953+%3Chttps://maps.google.com/?q%3D4201%2BSOUTH%2BWASHINGTON%2BSTREET%250D%2BMARION,%2BIN%2B46953%250D%2B%25C2%25A0%250D%2B765%26entry%3Dgmail%26source%3Dg%3E____%0D+%C2%A0____%0D+765&entry=gmail&source=g>

MARION, IN 46953
<https://maps.google.com/?q=4201+SOUTH+WASHINGTON+STREET%0D+MARION,+IN+46953%0D+%C2%A0%0D+765&entry=gmail&source=g>

<https://maps.google.com/?q=4201+SOUTH+WASHINGTON+STREET____%0D+MARION,+IN+46953+%3Chttps://maps.google.com/?q%3D4201%2BSOUTH%2BWASHINGTON%2BSTREET%250D%2BMARION,%2BIN%2B46953%250D%2B%25C2%25A0%250D%2B765%26entry%3Dgmail%26source%3Dg%3E____%0D+%C2%A0____%0D+765&entry=gmail&source=g>


<https://maps.google.com/?q=4201+SOUTH+WASHINGTON+STREET____%0D+MARION,+IN+46953+%3Chttps://maps.google.com/?q%3D4201%2BSOUTH%2BWASHINGTON%2BSTREET%250D%2BMARION,%2BIN%2B46953%250D%2B%25C2%25A0%250D%2B765%26entry%3Dgmail%26source%3Dg%3E____%0D+%C2%A0____%0D+765&entry=gmail&source=g>

<https://maps.google.com/?q=4201+SOUTH+WASHINGTON+STREET____%0D+MARION,+IN+46953+%3Chttps://maps.google.com/?q%3D4201%2BSOUTH%2BWASHINGTON%2BSTREET%250D%2BMARION,%2BIN%2B46953%250D%2B%25C2%25A0%250D%2B765%26entry%3Dgmail%26source%3Dg%3E____%0D+%C2%A0____%0D+765&entry=gmail&source=g>

765.677.2688 <(765)%20677-2688>   |   765.677.2020 <(765)%20677-2020> FAX

michael.madl () indwes edu <mike.madl () indwes edu>



INDWES.EDU/IT <http://indwes.edu/IT>



[image: cid:image001.jpg@01D3436E.D1E0F1C0]



*CONFIDENTIALITY NOTICE:* *This email, including applicable attachments,
may include legally protected information.  If you are not the intended
recipient of this message, you may not disclose, print, copy, save, or
disseminate this information. If you have received this email in error,
please notify the sender by replying to this message and immediately delete
this message.*

--

Ramón
---

Ramón Rentas

Associate Director for Infrastructure & Enterprise Application Services

Information Technology Services

rentas () macalester edu

1600 Grand Avenue

Saint Paul, MN 55105 USA

[image: mac-sec-horizontal-logo-150w.jpg]
                                                        *Never email your
password to anyone!*

The information transmitted may contain confidential material and is
intended only for the person or entity to which it is addressed.  Any
review, retransmission, dissemination or other use of, or taking of any
action by persons or entities other than the intended recipient is
prohibited.  If you are not the intended recipient, please delete the
information from your system and contact the sender.  The opinions
expressed are those of the sender, and not necessarily those of Macalester
College.

Current thread:

Re: *EXT* Re: [SECURITY] SIEM Tools, (continued)
- - - Re: *EXT* Re: [SECURITY] SIEM Tools Velislav K Pavlov (Jan 22)
    - Re: *EXT* Re: [SECURITY] SIEM Tools Pardonek, Jim (Jan 22)
    - Re: SIEM Tools Frank Barton (Jan 22)
    - Re: SIEM Tools Brad Judy (Jan 22)
    - Re: SIEM Tools Adam Menos (Jan 22)
    - Re: SIEM Tools Tina Thorstenson (Jan 22)
    - Re: SIEM Tools Kevin Wilcox (Jan 22)
    - Re: SIEM Tools Manjak, Martin (Jan 22)
- Re: SIEM Tools David D Grisham (Jan 20)
  - Re: SIEM Tools Chad Tracy (Jan 20)
    - Re: SIEM Tools Ramon Rentas (Jan 22)
    - Re: SIEM Tools Shelton Waggener (Jan 23)
- Re: SIEM Tools Michael Klint Borozan (Jan 21)
- Re: SIEM Tools Rob Milman (Jan 22)
- Re: SIEM Tools Bridges, Robert A. (Jan 22)
  - Re: SIEM Tools Frank Barton (Jan 22)
    - Re: SIEM Tools Bridges, Robert A. (Jan 22)
    - Re: SIEM Tools Kevin Wilcox (Jan 22)
    - Re: SIEM Tools Collyer, Jeffrey W. (jwc3f) (Jan 22)
    - Re: SIEM Tools Jeannine Shantz (Jan 22)