Might want to take a look at AlienVault's offerings. They offer a pay-for SIEM (http://www.alienvault.com/) and a community version called OSSIM (http://www.alienvault.com/community).

Haven't had the time to work with OSSIM, but working with a free version will either fill your needs, or allow you to pilot something that will give you a much better idea of what to look for among the commercial candidates.

Kurt

On Thu, Nov 10, 2011 at 05:49, David Lum <[email protected]> wrote:
> Three physical locations, hundreds of devices and I don't know how many different types of sources, but a lot. Web servers, app servers, DBs, routers, switches, etc.
>
> Thanks,
>
> Dave
>
> From: Ken Schaefer [mailto:[email protected]]
> Sent: Wednesday, November 09, 2011 8:28 PM
> To: NT System Admin Issues
> Subject: RE: SIEM solutions
>
> How big is the environment? What is the scope of devices?
>
> SIEMs are designed to take logs from multiple sources, do log collection/analysis, event correlation/alerting. Something like SCOM isn't designed for that, and ACS does Windows only (AFAIK). How about your firewalls, AV, HIPS/NIPS, proxy servers etc.? Unless they are all Microsoft, I don't see how ACS can help OP. I wasn't aware that Quest had a product in this market.
>
> ArcSight (now part of HP) is the #1 vendor that I'm aware of. Symantec also has a product (SSIM), but I'm not sure I recommend it due to previous experience.
>
> Cheers
>
> Ken
>
> From: James Rankin [mailto:[email protected]]
> Sent: Thursday, 10 November 2011 3:07 AM
> To: NT System Admin Issues
> Subject: Re: SIEM solutions
>
> System Center Operations Manager with Audit Collection Services can do all this and more, if I am getting the gist of your requirements correctly.
>
> On 9 November 2011 18:54, David Lum <[email protected]> wrote:
>
> For me, it's simply log aggregation and alerting. The bigger goal is stuff way out of my scope as it's being driven from our product side (I am employee-facing, not product-facing). I've been included on this project just for my technical input and am much more a passenger than a driver on this project.
>
> The vendor list I sent out was narrowed down from a bigger selection. I was simply looking for anyone who has deployed or evaluated SIEM products from the listed vendors, is all.
>
> Dave
>
> From: Michael B. Smith [mailto:[email protected]]
> Sent: Wednesday, November 09, 2011 10:44 AM
> To: NT System Admin Issues
> Subject: RE: SIEM solutions
>
> What is the goal?
>
> On the low end, you are leaving out NetWrix, in the middle you are leaving out ConfigMgr, and on the upper end you are leaving out various Quest solutions.
>
> But it all depends on what you are trying to do.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> From: David Lum [mailto:[email protected]]
> Sent: Wednesday, November 09, 2011 1:35 PM
> To: NT System Admin Issues
> Subject: SIEM solutions
>
> We are looking at some SIEM (Security Information and Event Management) solutions and are looking at products from the following vendors. Does anyone here have a SIEM solution or experience and have anything to say about any of these?
>
> ArcSight
> RSA
> LogRhythm
> NitroSecurity
> netForensics
> eIQnetworks
> Prism Microsystems
> Virtela
>
> David Lum
> Systems Engineer // NWEA™
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
