PaulDotCom mailing list archives

Re: Looking for some event and security log monitoring software


From: Chris Keladis <ckeladis () gmail com>
Date: Wed, 18 Jul 2012 10:01:18 +1000

On Wed, Jul 18, 2012 at 1:12 AM, Chris Tizzano <CTizzano () bn com> wrote:

You can look at WinRM to roll up events in a Windows environment with W2K8 servers acting as collectors, then feed
this into any SIEM, such as Splunk.

Just to clarify - Splunk itself is more (to use their words) an
"operational-intelligence" tool which you can turn into a SIEM either
manually, or by some of their free apps or purchase of their
Enterprise Security app (and similar security apps they offer).

Splunk is quite cool; its ability to index any "time-series" data
(not necessarily just logs) makes it easily extensible and quite
unique.

Throw in a rich search/analytics language, and you can really go to town.

Its price point is comparable to other OI/SIEM solutions, but
everyone has their own opinion/needs there :)

Depending on the OP's needs, a lot of other vendors mentioned in this
thread have some really good stuff as well, including the open-source
solutions.


Chris.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
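The WinRM/collector approach quoted above (Windows Event Forwarding, with a W2K8-era collector receiving events from domain members and a SIEM reading the collector's ForwardedEvents log) in concrete form. This is an added example and not code from either poster; it is run on the collector host, and the subscription name, the chosen event IDs and the batching values are assumptions chosen for illustration. Source hosts need WinRM enabled and the collector's computer account in their local Event Log Readers group, and are pointed at the collector through the "Configure target Subscription Manager" Group Policy setting.

```powershell
# Added example (not from the thread): set up a source-initiated Windows Event
# Forwarding subscription on the collector, then verify which sources report in.
# Subscription name, event IDs and batching values are illustrative assumptions.

# 1. Enable WinRM on the collector and quick-configure the Event Collector service.
winrm quickconfig -q
wecutil qc /q

# 2. Subscription definition. The event IDs are standard Windows Security log IDs:
#    4624/4625 logon success/failure, 4720 user created, 4728/4732 group membership added.
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Security-Baseline</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Logon and account-management events for the SIEM</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching>
      <MaxItems>50</MaxItems>
      <MaxLatencyTime>30000</MaxLatencyTime>
    </Batching>
    <PushSettings>
      <Heartbeat Interval="60000"/>
    </PushSettings>
  </Delivery>
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0" Path="Security">
          <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4720 or EventID=4728 or EventID=4732)]]</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers/>
  <!-- SDDL granting the Domain Computers group permission to push events -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
"@

# 3. Register the subscription from the XML file.
$path = Join-Path $env:TEMP 'Security-Baseline.xml'
Set-Content -Path $path -Value $subscription -Encoding ASCII
wecutil cs $path

# 4. Show the subscription and the runtime status of each source that has checked in;
#    a source missing here (or with a stale heartbeat) is a collection gap worth alerting on.
wecutil gs Security-Baseline
wecutil gr Security-Baseline
```

Once events land in ForwardedEvents on the collector, a Splunk universal forwarder on that host picks them up with a `[WinEventLog://ForwardedEvents]` stanza in inputs.conf, so only the collector, not every source, needs a forwarder installed. Choosing RenderedText as the content format costs bandwidth but keeps the human-readable message text, which matters when the SIEM does not have the source's message DLLs.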

