On Wed, 19 Jan 2011 13:17:16 -0500, [email protected] wrote:
> I've been looking into the functional overlap between SPLUNK and OSSEC,
> and it seems that SPLUNK can accomplish many of the same tasks as OSSEC.
> I've used the OSSEC app for SPLUNK, so they must partner well, but I
> can't find very many differences.

Actually, I don't see many similarities at all. OSSEC is a
fully-featured HIDS while Splunk is a log aggregator. OSSEC has an
advanced correlation engine, rootkit detection, real-time integrity
monitoring and more. On the other hand, Splunk has a fantastic interface
and OSSEC has, well, the WebUI. OSSEC costs nothing. Splunk is spendy.
OSSEC is free. Splunk is proprietary. I like Splunk, but I don't think
it's the same type of product.
--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com