When we evaluated about a year ago, we were going with Nitro. Then budget got cut.
We looked at Splunk, RSA and Arcsight. If the size of your monitoring fits, the Arcsight Express is a pretty decent product as well. Arcsight estimated I would need 1.5 FTE just to manage the full Arcsight, which was a deal killer.

On Monday, May 7, 2012, Ziots, Edward wrote:

> We looked at Nitro before; it wasn’t half bad at all.
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> From: Christopher Bodnar [mailto:[email protected]]
> Sent: Friday, May 04, 2012 4:38 PM
> To: NT System Admin Issues
> Subject: Re: For those using a centralized Eventlog Management
> Solution, what are you using and why?
>
> The guys in our security group here use Nitro (now McAfee) and seem to
> like it.
>
> Christopher Bodnar
> Enterprise Architect I, Corporate Office of Technology: Enterprise
> Architecture and Engineering Services
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> [email protected]
>
> The Guardian Life Insurance Company of America
> www.guardianlife.com
>
> From: "Ziots, Edward" <[email protected]>
> To: "NT System Admin Issues" <[email protected]>
> Date: 05/04/2012 02:23 PM
> Subject: For those using a centralized Eventlog Management
> Solution, what are you using and why?
> ------------------------------
>
> To the list,
>
> Been tasked to look into this, and I would like to get a feeling of what
> everyone is utilizing out there for eventlog management for about 1000
> servers to include web servers, database (SQL/Oracle etc etc) and file and
> print systems.
>
> I have seen in the past RSA Envision, and LogLogic, but looking to see
> what everyone else likes and works for them. My end goal is to harvest and
> store the logs on my systems for up to 1 yr, and have a dashboard of the
> most critical events for the bosses to look at and things to be remediated
> (along with satisfying compliance and auditors' wishes)
>
> Sincerely,
> EZ
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
