We have MARS...but rumor is its days are numbered. Not to mention you cannot get details or customize alerts.
I just finished implementing TriGeo. So far I really like it and support is great! Chad Weatherford | Network/Security Administrator | Shoe Carnival, Inc. | (:812.867.8314 | 7: 812.471.9866 | *: [email protected] From: Matthew Bullock [mailto:[email protected]] Sent: Monday, March 14, 2011 15:29 To: NT System Admin Issues Subject: RE: SIEM Just the general splunk product. Trustwave is the PCI auditor and they were trying to sell us their appliance during the last audit. One requirement for us is that the product be available as a software virtual appliance, so I'll check on their offering again. I'll also dig around SC, thanks. From: Andrew S. Baker [mailto:[email protected]] Sent: Monday, March 14, 2011 10:59 AM To: NT System Admin Issues Subject: Re: SIEM Did you look at the security product, or just the general Splunk product? Also look at TrustWave. Lastly, SC Magazine is one of the best sources for useful reviews on this category of products. They are thorough in their review methodology. ASB (Find me online via About.Me <http://about.me/Andrew.S.Baker/bio> ) Exploiting Technology for Business Advantage... On Mon, Mar 14, 2011 at 1:20 PM, Matthew Bullock <[email protected]> wrote: I took a look at Splunk 6 months ago, but decided it was a bit raw and didn't have enough built-in reports. I'd like to see native support for Cisco IOS, ASA, IPS, SBC and NSEL, Windows WMI, Exchange, VMware, MS SQL, IIS, AD, maybe Avaya Communications Manager and UNIX/Linux/Syslog. -matt From: Andrew S. Baker [mailto:[email protected]] Sent: Monday, March 14, 2011 9:40 AM To: NT System Admin Issues Subject: Re: SIEM Other options include: * http://www.trigeo.com/ * http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z What devices will you be tracking? ASB (Find me online via About.Me <http://about.me/Andrew.S.Baker/bio> ) Exploiting Technology for Business Advantage... On Mon, Mar 14, 2011 at 12:33 PM, Matthew Bullock <[email protected]> wrote: Does anyone have any experience/opinions with implementing SIEM or logging solutions? Right now, we're looking mainly at Accelops, Log Logic and Log Rhythm, as well as an upgrade to our existing Cisco MARS appliance and I would love to hear anyone's thoughts on these or any other solutions worth looking into. Thanks, -matt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
