In the same way that you can barely see the patchy rainbow to the left of the mountain, you can barely see the impact that Open Source SIEM is going to have on processing security alert information.

I posed a question to the GIAC Advisory Board: Is anyone using an Open Source SIEM in your organization? If so, can you spare a paragraph about it please.

Responses listed by software distribution are below.

NOTE: I tried to give credit to the authors where I could extract the name from the email; for some reason that was not always possible.

Robert Wilson: OSSEC agents running on Windows endpoints and domain controllers combined with auditing can give you a ton of information for no "cost" other than customization. Alert me on elevated account login, alert me on audit policy changes, event log clearing, etc.

Personally I think that Security Onion is more or less perfect if you're looking for a quick open source solution. There's a watcher agent for ELK now that would be worth investigating for doing event correlation, and a ton of other projects for ELK. Combining that with event log forwarding and something like ELK or ELSA can get you lots of data, but then you have to come up with correlating events and such.
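As an added illustration (not code from the original post, from OSSEC or from any respondent) of the three alerts named above, here is a small correlation pass over Windows Security events of the kind an agent or log forwarder would ship. The mapping of standard Windows Security event IDs to the post's alert categories, the ten-minute correlation window and the sample events are all assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Standard Windows Security log event IDs mapped to the alert categories
# named in the post; the category names and base severities are assumed.
RULES = {
    4672: ("elevated_login", "medium"),     # special privileges assigned to new logon
    4719: ("audit_policy_change", "high"),  # system audit policy was changed
    1102: ("event_log_cleared", "high"),    # the audit log was cleared
}


def correlate(events, window=timedelta(minutes=10)):
    """Return one alert per matching event. A log clear or audit policy change
    by an account that had an elevated logon within `window` is escalated,
    since that sequence is what an attacker covering tracks looks like."""
    alerts = []
    last_elevated = {}  # account -> time of most recent 4672
    for ev in sorted(events, key=lambda e: e["time"]):
        rule = RULES.get(ev["id"])
        if rule is None:
            continue  # e.g. ordinary 4624 logons are not alerted on
        name, severity = rule
        if name == "elevated_login":
            last_elevated[ev["account"]] = ev["time"]
        else:
            seen = last_elevated.get(ev["account"])
            if seen is not None and ev["time"] - seen <= window:
                severity = "critical"
        alerts.append({"rule": name, "severity": severity,
                       "account": ev["account"], "host": ev["host"]})
    return alerts


# Constructed sample events, not real telemetry.
SAMPLE = [
    {"time": datetime(2023, 6, 1, 9, 0), "id": 4624, "account": "alice", "host": "WS01"},
    {"time": datetime(2023, 6, 1, 9, 1), "id": 4672, "account": "alice", "host": "DC01"},
    {"time": datetime(2023, 6, 1, 9, 3), "id": 1102, "account": "alice", "host": "DC01"},
    {"time": datetime(2023, 6, 1, 9, 4), "id": 4719, "account": "svc-backup", "host": "DC01"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```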