A SIEM platform of any kind is a correlation tool for comparing and
contrasting logs from disparate device types.

As you have seen, 3 different folks provided 3 different answers and that
will likely be true when talking with any professionals.

For 200 devices, you will need a decent size server. OSSIM (and ultimately
Alienvault) have the OSSEC server running on their main server and remote
sensor devices, allowing you to manually deploy OSSEC agents and control
OSSEC agent configurations from a GUI as well as command line.

If you are only managing 200 servers and no other log feeds, OSSIM might be
a good place to start as you will get some pre-canned ideas for writing
subsequent rules/directives/escalations.

If, however, you choose to add additional feeds, you might keep the 200+
agents reporting to a remote sensor and use the server for just
correlation/presentation. Your options are wide open; give it a try!

https://www.alienvault.com/products/ossim


Grant Leonard
Castra Consulting, LLC <http://castraconsulting.com/#/>
919-949-4002

On Sun, Aug 9, 2015 at 10:46 AM, 'Jason Long' via ossec-list <
[email protected]> wrote:

> Thank you.
> Grant, can you give me more information? I want to implement SIEM for a
> Windows network with 200 clients. Which requirements are needed?
>
>
>
> On Saturday, August 8, 2015 8:58 PM, Grant Leonard <
> [email protected]> wrote:
>
>
> Try Alienvault or OSSIM, they both make good use of OSSEC and add
> additional tools you will need for detecting the spread of malware.
>
> On Friday, August 7, 2015 at 6:40:54 AM UTC-4, Jason Long wrote:
>
> Hello Experts.
> How can I launch a SIEM for my local network and find the spread point of
> malware in my local network?
> Any idea? Please let me know which tools are needed.
>
>
> Thank you.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
>
