Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

SIEM

The hardest part about gathering information across the entire corporate network and environment is the scale of the data. Even analyzing one aspect of the logs can be overwhelming. MSSPs know this first hand, as the data analysis must be done repeatedly and for an ever-growing list of clients. SIEM (Security Information and Event Management) is an attempt to collect security events and incidents in one place so they can be analyzed and remediated.

Some of the more popular SIEM products (paid and open source) used by MSSPs and corporate security teams are:

  • SolarWinds
  • ArcSight
  • Splunk/Splunk Free
  • RSA NetWitness
  • IBM QRadar
  • OSSIM/AlienVault
  • BlackStratus
  • Prelude
  • EventTracker
  • OSSEC
  • Apache Metron
  • SIEMonster
  • Security Onion
  • Bro.org
  • OpenVAS
  • CloudPassage
  • FireEye
  • AlgoSec
  • FireMon
  • LogRhythm
  • ELK Stack

There isn’t one “do it all” solution. Many SIEM products focus on particular aspects of security, so your needs will dictate which SIEM vendor(s) you support. What is your favorite? We will soon have articles relating to the various SIEM vendors.

Subcategories of SIEM:

Last updated on 28 Feb 2019
Published on 28 Feb 2019