Educause Security Discussion mailing list archives

Re: Centralized Log Management


From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Fri, 5 Feb 2021 18:37:37 +0000

May I ask a few questions...

  1.   What do you use for operations vs security logging?
  2.   Do you have staff working on the system now?  How many?
  3.   Are you looking for more of a cloud-based SOC model now?  More of a cloud-based SIEM with better support?

We are evaluating the Greenbone product with NNT (https://www.newnettechnologies.com/products.html).  Their support has 
been very helpful.  They have two products in the SIEM/logging arena, but we have not looked at them yet.

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Petrus Williams 
<PWilliams () GETTY EDU>
Sent: Friday, February 5, 2021 12:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Centralized Log Management

The Getty uses AlienVault for centralized log monitoring/management. These are mostly security event logs from multiple 
infrastructure components (servers, firewall, switches, etc.). The platform is unwieldy and ready to be retired. I'd 
like to move this function to the cloud and have the monitoring tasks outsourced to a vendor. Any recommendations on 
platforms and a cost-effective organization that we can outsource these logging and monitoring tasks to would be 
appreciated. Thanks.

Petrus Williams
Assistant Director GDI Infrastructure & Operations
J. Paul Getty Trust
Phone: 310-440-6397

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

