PaulDotCom mailing list archives
SMB Security Event Management Tool
From: jsawyer at ufl.edu (John Sawyer)
Date: Wed, 8 Apr 2009 23:05:42 -0400
LogLogic has Lasso for the Windows Event Log to Syslog function, but I don't think they have any free sort of SEM tool. You'll still need to push it to Splunk, Kiwi Syslog Daemon, OSSEC, or something that chews on syslog data. The problem with almost all of those solutions is that they don't provide alerting. You have to go into the tool to search or run a report. If it were me, I'd probably go with OSSEC for the alerting functionality along with host integrity checking and active response. Then, use Splunk for a slick interface to dig deep into the alerts. There are some cool Splunk Applications over at SplunkBase with different focuses that would fit well here, like "Splunk for Windows Management."

-jhs

On Apr 8, 2009, at 10:26 PM, Vincent Lape wrote:

> Have you looked @ loglogics?
>
> On Apr 7, 2009, at 8:55 PM, Jim Manley wrote:
>
>> I'm looking for a security event management tool (log correlation, auditing, etc.) that would be suitable for a small/medium size business environment. The environments into which it would be deployed are primarily MS Windows with a smattering of Linux. It doesn't need a lot of bells and whistles and it needs to be fairly easy to set up and operate (the people doing the work are primarily physical security types with the average user's knowledge). Ideally it needs to trigger on Windows event manager and security manager codes for things like failed logins, etc.
>>
>> Thanks,
>> Jim aka oaa PDP/11
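The thread's suggested pipeline is to relay Windows Security events to syslog and let something like OSSEC alert on failed logons. The following is an added example of that alerting step, written for this page and not code from the thread, from OSSEC, Splunk or LogLogic: it parses a small set of constructed syslog lines, keeps a sliding window of failed-logon events (Windows event IDs 529 and 4625) per source address, and raises one alert when a source crosses a threshold. The line format, host names, users and addresses are assumptions; real relays emit different fields, so the regex is the part to adapt.

```python
"""Threshold alerting on Windows failed-logon events relayed over syslog.

Added example (not from the mailing-list thread, OSSEC or Splunk).
The syslog line layout below is an assumed relay format; adjust LINE_RE
to whatever your Windows-to-syslog agent actually emits.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows failed-logon event IDs: 529 (2000/XP/2003), 4625 (Vista and later).
FAILED_LOGON_IDS = {"529", "4625"}

# Assumed relay format:
#   "<Mon dd HH:MM:SS> <host> Security: EventID=<id> User=<user> Src=<ip> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) Security: "
    r"EventID=(?P<eid>\d+) User=(?P<user>\S+) Src=(?P<src>\S+)"
)

# Constructed sample input (not real logs): a burst from 10.0.0.7 against
# jsmith, one successful logon, one isolated failure, and a late straggler.
SAMPLE_LINES = [
    "Apr  8 22:01:00 dc01 Security: EventID=4625 User=jsmith Src=10.0.0.7 Status=0xC000006D",
    "Apr  8 22:01:05 dc01 Security: EventID=4625 User=jsmith Src=10.0.0.7 Status=0xC000006D",
    "Apr  8 22:01:09 dc01 Security: EventID=4624 User=admin Src=10.0.0.20 Status=0x0",
    "Apr  8 22:01:11 dc01 Security: EventID=4625 User=jsmith Src=10.0.0.7 Status=0xC000006D",
    "Apr  8 22:01:30 dc01 Security: EventID=4625 User=jsmith Src=10.0.0.7 Status=0xC000006D",
    "Apr  8 22:01:41 dc01 Security: EventID=4625 User=jsmith Src=10.0.0.7 Status=0xC000006D",
    "Apr  8 22:15:00 fs01 Security: EventID=529 User=bob Src=10.0.0.9 Status=0xC000006A",
    "Apr  8 22:40:00 dc01 Security: EventID=4625 User=jsmith Src=10.0.0.7 Status=0xC000006D",
]


def parse_line(line, year=2009):
    """Parse one relayed line into a dict, or return None if it does not match.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2009
    here to match the thread's date).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "host": m.group("host"),
        "eid": m.group("eid"),
        "user": m.group("user"),
        "src": m.group("src"),
    }


def detect_failed_logon_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP each time it reaches `threshold`
    failed logons within `window`.

    Lines that do not parse, or that are not failed-logon events, are
    ignored. After an alert fires the source's window is cleared so a
    continuing attack produces a fresh alert every `threshold` failures
    rather than one alert per additional event.
    """
    recent = defaultdict(deque)  # src ip -> deque of events in the window
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["eid"] not in FAILED_LOGON_IDS:
            continue
        q = recent[ev["src"]]
        q.append(ev)
        # Drop events that have aged out of the window.
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({
                "src": ev["src"],
                "users": sorted({e["user"] for e in q}),
                "hosts": sorted({e["host"] for e in q}),
                "count": len(q),
                "first": q[0]["ts"],
                "last": ev["ts"],
            })
            q.clear()
    return alerts


if __name__ == "__main__":
    for a in detect_failed_logon_bursts(SAMPLE_LINES):
        print(f"ALERT {a['src']}: {a['count']} failed logons "
              f"({', '.join(a['users'])}) on {', '.join(a['hosts'])} "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Keying the window on source address rather than on user is deliberate: a password-spray that rotates usernames still accumulates under one source, while the per-alert `users` list shows whether the attacker is hammering one account or many. The year handling is the usual syslog caveat; if you feed this lines that cross a year boundary you will need to carry the year forward yourself.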