Before dropping a lot of money on a commercial SIEM installation, consider your open source options.
OSSIM and ELK (Elasticsearch, Logstash, Kibana) are the two most widely deployed open source choices. Strictly speaking, only OSSIM is a SIEM out of the box: ELK is a log aggregation and search stack, so correlation rules and alerting have to be added on top of it. Even so, ELK is usually the better starting point because it is easier to deploy, easier to scale horizontally, and lighter for small to moderate log volumes (note that Elasticsearch's memory footprint grows with ingest rate and retention, so size the JVM heap accordingly).
Beyond the SIEM itself, most organizations need a way to feed it. OSSEC is an option, but it is primarily a host-based IDS with an agent to install and maintain on every box. For most environments, forwarding with rsyslog (or a simple tail / curl script into Elasticsearch's HTTP API) is preferred: the tooling is already present on the hosts, and teams with adept engineers are comfortable with open source solutions and scripting. Whichever route you take, forward over TLS rather than plain UDP syslog so log data cannot be sniffed or spoofed in transit.
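As an added example (not part of the original post, and not code from any of the projects it mentions), the tail / curl approach reduces to wrapping each log line in the NDJSON format that Elasticsearch's `_bulk` endpoint expects and POSTing it. The index name, endpoint URL and field names below are assumptions; the escaping helper only handles backslashes and double quotes, which is enough for typical syslog text but not for lines containing raw control characters.

```shell
#!/bin/sh
# Added example: ship log lines to Elasticsearch with tail + curl.
# ES_URL and INDEX are assumed defaults; override them in the environment.
ES_URL="${ES_URL:-http://localhost:9200}"
INDEX="${INDEX:-syslog}"

# Escape a raw log line so it can be embedded in a JSON string value.
# Backslashes are escaped first so the quote escaping does not double up.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit the two-line _bulk action for one log line:
#   line 1: the index action header
#   line 2: the document itself (timestamp, source host, raw message)
bulk_pair() {
  host="$1"
  line="$2"
  ts="$3"
  printf '{"index":{"_index":"%s"}}\n' "$INDEX"
  printf '{"@timestamp":"%s","host":"%s","message":"%s"}\n' \
    "$ts" "$host" "$(json_escape "$line")"
}

# Read log lines from stdin and POST them as a single bulk request.
# For continuous shipping: tail -F /var/log/auth.log | ship
ship() {
  while IFS= read -r line; do
    bulk_pair "$(hostname)" "$line" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
  done | curl -sS -X POST "$ES_URL/$INDEX/_bulk" \
    -H 'Content-Type: application/x-ndjson' --data-binary @-
}
```

In practice you would run `ship` under a supervisor and batch a few hundred lines per request rather than one `curl` per `tail -F` session; the point of the script is that the wire format is simple enough that no agent is required on the sending host.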