This discussion is/was helpful. 

Thanks!

Rich Marsh


-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of [email protected]
Sent: Thursday, January 20, 2011 5:47 AM
To: [email protected]
Subject: RE: [ossec-list] Splunk and OSSEC overlap

Thx guys,

In no way is this a knock on OSSEC.  We use OSSEC extensively in our environment, 
however, it is important to know the strengths, limitations or overlap in 
tools.  I appreciate the feedback. 
Tyler 

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of dan (ddp)
Sent: Wednesday, January 19, 2011 2:42 PM
To: [email protected]
Subject: Re: [ossec-list] Splunk and OSSEC overlap

Hi Tyler,

On Wed, Jan 19, 2011 at 1:17 PM,  <[email protected]> wrote:
> I've been looking into the functional overlap between SPLUNK and OSSEC, and
> it seems that SPLUNK can accomplish many of the same tasks as OSSEC.  I've
> used the OSSEC app for SPLUNK, so they must partner well, but I can't find
> very many differences.
>
> In short, it seems as if someone would purchase the SPLUNK enterprise
> product, they would have a replacement for their existing OSSEC deployment...
>
> What are your thoughts?  Is there room for both tools in the enterprise?
>
> Tyler Ross
>

While there is some overlap, they each perform their primary functions
very well.
Splunk gives you a great gui to view the alerts OSSEC provides. It
doesn't do notifications or file integrity monitoring well.
OSSEC gives you great notifications (emails) and integrity monitoring,
but doesn't have a gui (wui doesn't count).

The benefits of Splunk go down with the more data you have because the
price goes up. It's not difficult to stuff more than 500MB of data
into splunk in a day. And the free version has some other serious
limitations.