For log aggregation and alerting, wouldn't a syslogger do it?

From: David Lum [mailto:[email protected]]
Sent: Thursday, November 10, 2011 7:50 AM
To: NT System Admin Issues
Subject: RE: SIEM solutions

Three physical locations, hundreds of devices and I don't know how many different types of sources, but a lot. Web servers, app servers, DBs, routers, switches, etc.

Thanks,
Dave

From: Ken Schaefer [mailto:[email protected]]
Sent: Wednesday, November 09, 2011 8:28 PM
To: NT System Admin Issues
Subject: RE: SIEM solutions

How big is the environment? What is the scope of devices?

SIEMs are designed to take logs from multiple sources, do log collection/analysis, event correlation/alerting. Something like SCOM isn't designed for that, and ACS does Windows only (AFAIK). How about your firewalls, AV, HIPS/NIPS, proxy servers etc.? Unless they are all Microsoft, I don't see how ACS can help OP.

I wasn't aware that Quest had a product in this market. ArcSight (now part of HP) is the #1 vendor that I'm aware of. Symantec also has a product (SSIM), but I'm not sure I recommend it due to previous experience.

Cheers
Ken

From: James Rankin [mailto:[email protected]]
Sent: Thursday, 10 November 2011 3:07 AM
To: NT System Admin Issues
Subject: Re: SIEM solutions

System Center Operations Manager with Audit Collection Services can do all this and more, if I am getting the gist of your requirements correctly.

On 9 November 2011 18:54, David Lum <[email protected]> wrote:

For me, it's simply log aggregation and alerting. The bigger goal is stuff way out of my scope as it's being driven from our product side (I am employee-facing, not product-facing). I've been included on this project just for my technical input and am much more a passenger than a driver on this project. The vendor list I sent out was narrowed down from a bigger selection. I was simply looking for anyone who has deployed or evaluated SIEM products from the listed vendors, is all.

Dave

From: Michael B. Smith [mailto:[email protected]]
Sent: Wednesday, November 09, 2011 10:44 AM
To: NT System Admin Issues
Subject: RE: SIEM solutions

What is the goal?

On the low end, you are leaving out NetWrix, in the middle you are leaving out ConfigMgr, and on the upper end you are leaving out various Quest solutions. But it all depends on what you are trying to do.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:[email protected]]
Sent: Wednesday, November 09, 2011 1:35 PM
To: NT System Admin Issues
Subject: SIEM solutions

We are looking at some SIEM (Security Information and Event Management) solutions and are looking at products from the following vendors - does anyone here have a SIEM solution or experience and have anything to say about any of these?

ArcSight
RSA
LogRhythm
NitroSecurity
netForensics
eIQnetworks
Prism Microsystems
Virtela

David Lum
Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
