Educause Security Discussion mailing list archives
Re: Open source SIEM
From: "Rogers, Zach" <Zach.Rogers () OREGONSTATE EDU>
Date: Tue, 11 Feb 2020 19:01:00 +0000
Hi Zepu,

We’ve been quite happy with our experience using the Elastic Stack on our end. They had added additional features that no longer require a license; that might be worth looking into if MozDef doesn’t suit your needs.

All the best,

--
Zach Rogers
Lead Security Analyst
Security and Network Monitoring
Oregon Research & Teaching Security Operations Center (ORTSOC)
Phone: 541.737.7723
GPG Fingerprint: 4FDB C8C0 CB65 14CB 0B0C A2A4 FE0C 5989 71EA 2D3C

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Zepu Chen <zepu.chen () DENISON EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, February 11, 2020 at 10:50 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Open source SIEM

Good Afternoon,

We are researching the possibility to implement an open-source SIEM solution at our University. The project we are currently reviewing is MozDef from Mozilla. Does anyone currently have MozDef or other open-source SIEM implemented in your environment? How are the implementation and operations experience so far? We are interested in seeing what other schools are doing. We would greatly appreciate it if you would be kind enough to share any pitfalls, constraints and roadblocks as well as implementation recommendations.

Thanks,

Zepu Chen
Systems & Security Administrator
Information Technology Services
Office: 740-587-5307
zepu.chen () denison edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Open source SIEM Zepu Chen (Feb 11)
- Re: Open source SIEM Cleary, Kevin (Feb 11)
- Re: Open source SIEM Rogers, Zach (Feb 11)
- Re: Open source SIEM Max McGrath (Feb 11)
- Re: Open source SIEM Kevin Wilcox (Feb 11)
- Re: Open source SIEM Kimmitt, Jonathan (Feb 11)
- Re: Open source SIEM David Eilken (Feb 12)
- Re: Open source SIEM Powell, Andy (Feb 12)
- Re: Open source SIEM Nevin, Dave (Feb 12)
- Re: Open source SIEM David Eilken (Feb 12)