PaulDotCom mailing list archives

SMB Security Event Management Tool


From: jsawyer at ufl.edu (John Sawyer)
Date: Wed, 8 Apr 2009 23:05:42 -0400

LogLogic has Lasso for the Windows Event Log to Syslog function but I  
don't think they have any free sort of SEM tool. You'll still need to  
push it to Splunk, Kiwi Syslog Daemon, OSSEC, or something that chews  
on syslog data.

The problem with almost all of those solutions is that they don't  
provide alerting. You have to go into the tool to search or run a  
report. If it were me, I'd probably go with OSSEC for the alerting  
functionality along with host integrity checking and active response.  
Then, use Splunk for a slick interface to dig deep into the alerts.  
There's some cool Splunk Applications over at SplunkBase with  
different focuses that would fit well here like the "Splunk for  
Windows Management."

-jhs

On Apr 8, 2009, at 10:26 PM, Vincent Lape wrote:

Have you looked @ loglogics?

On Apr 7, 2009, at 8:55 PM, Jim Manley wrote:

I'm looking for a security event management tool (log correlation,
auditing, etc.) that would be suitable for small/medium size business
environment.  The environments in which it would be deployed into are
primarily MS Windows with a smattering of Linux.

It doesn't need a lot of bells and whistles and it needs to be fairly
easy to set up and operate (the people doing the work are primarily
physical security types with the average user's knowledge).  Ideally it
needs to trigger on Windows event manager and security manager codes for
things like failed logins, etc.

Thanks,

Jim
aka oaa PDP/11
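As an added illustration of the alerting Jim asks for (trigger on Windows security codes for failed logins) and that John points to OSSEC for, here is a small correlator in Python. It is not code from this thread or from any of the tools named in it; it assumes a constructed layout for a Windows Security event relayed over syslog and sample lines that were written for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs for a failed logon: 529 (Windows 2000/2003) and 4625 (Vista/2008 and later).
FAILED_LOGON_IDS = {"529", "4625"}

# Assumed (constructed) shape of a Windows event relayed over syslog; the field names follow
# the Windows security log, but the exact layout depends on the forwarding agent in use.
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) Security: (?P<eid>\d+): (?P<msg>.*)$")
FIELD_RE = re.compile(r"(User Name|Source Network Address): ([^;]+)")

def parse_event(line):
    """Return (timestamp, host, event_id, fields) for one syslog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")  # syslog carries no year
    fields = {k: v.strip() for k, v in FIELD_RE.findall(m.group("msg"))}
    return ts, m.group("host"), m.group("eid"), fields

def failed_logon_alerts(lines, threshold=5, window=timedelta(minutes=5)):
    """Raise one alert when a (host, user) pair accumulates `threshold` failed logons inside `window`.
    Lines are assumed to arrive in time order; the counter resets after each alert so a long
    burst produces one alert per `threshold` failures rather than one per event."""
    recent = defaultdict(deque)  # (host, user) -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        ts, host, eid, fields = ev
        if eid not in FAILED_LOGON_IDS:
            continue
        key = (host, fields.get("User Name", "?"))
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"host": host, "user": key[1], "count": len(q),
                           "source": fields.get("Source Network Address", "?"), "last_seen": ts})
            q.clear()
    return alerts

SAMPLE_LOG = [  # constructed sample lines, not captured from any real system
    "Apr  8 22:01:10 DC01 Security: 529: Logon Failure; User Name: jmanley; Source Network Address: 10.0.0.7",
    "Apr  8 22:01:12 DC01 Security: 529: Logon Failure; User Name: jmanley; Source Network Address: 10.0.0.7",
    "Apr  8 22:01:15 DC01 Security: 528: Successful Logon; User Name: vlape; Source Network Address: 10.0.0.9",
    "Apr  8 22:01:20 DC01 Security: 529: Logon Failure; User Name: jmanley; Source Network Address: 10.0.0.7",
    "Apr  8 22:01:33 DC01 Security: 529: Logon Failure; User Name: jmanley; Source Network Address: 10.0.0.7",
    "Apr  8 22:01:40 DC01 Security: 529: Logon Failure; User Name: vlape; Source Network Address: 10.0.0.9",
    "Apr  8 22:02:05 DC01 Security: 529: Logon Failure; User Name: jmanley; Source Network Address: 10.0.0.7",
    "Apr  8 22:30:00 DC01 Security: 4625: An account failed to log on; User Name: jmanley; Source Network Address: 10.0.0.7",
    "Apr  8 22:31:00 FS01 kernel: unrelated syslog noise",
]

if __name__ == "__main__":
    for alert in failed_logon_alerts(SAMPLE_LOG):
        print(alert)
```

Run against the sample, it reports a single alert for jmanley on DC01 (5 failures from 10.0.0.7 within about a minute); the lone failure at 22:30 falls outside the window and does not fire.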
