Jason, LightSIEM maintains one database for all events. It's not important what sources they come from. OSSEC and Snort logs go through a normalization process, where they are parsed into special fields and alert levels are reduced to a common scale.

Answering your question: you need only one LightSIEM server for building a SIEM. Also note that, unlike other "freeware" SIEMs, LightSIEM doesn't contain any limits and is built on top of open-source and free software.

Mon, 10 Aug 2015 at 17:42, Grant Leonard <[email protected]>:

> A SIEM platform of any kind is a correlation tool for comparing and contrasting logs from disparate device types.
>
> As you have seen, 3 different folks provided 3 different answers and that will likely be true when talking with any professionals.
>
> For 200 devices, you will need a decent size server. OSSIM (and ultimately Alienvault) have the OSSEC server running on their main server and remote sensor devices, allowing you to manually deploy OSSEC agents and control OSSEC agent configurations from a GUI as well as command line.
>
> If you are only managing 200 servers and no other log feeds, OSSIM might be a good place to start as you will get some pre-canned ideas for writing subsequent rules/directives/escalations.
>
> If, however, you choose to add additional feeds, you might keep the 200+ agents reporting to a remote sensor and use the server for just correlation/presentation. Your options are wide open, give it a try!
>
> https://www.alienvault.com/products/ossim
>
> Grant Leonard
> Castra Consulting, LLC <http://castraconsulting.com/#/>
> 919-949-4002
>
> On Sun, Aug 9, 2015 at 10:46 AM, 'Jason Long' via ossec-list <[email protected]> wrote:
>
>> Thank you.
>> Grant, can you give me more information? I want to implement a SIEM for a Windows network with 200 clients. Which requirements are needed?
>>
>> On Saturday, August 8, 2015 8:58 PM, Grant Leonard <[email protected]> wrote:
>>
>> Try Alienvault or OSSIM, they both make good use of OSSEC and add additional tools you will need for detecting the spread of malware
>>
>> On Friday, August 7, 2015 at 6:40:54 AM UTC-4, Jason Long wrote:
>>
>> Hello Experts.
>> How can I launch a SIEM for my local network and find the spread point of malware in my local network?
>> Any idea? Please let me know which tools are needed.
>>
>> Thank you.
>>
>> --
>> You received this message because you are subscribed to the Google Groups "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.

--
Best regards, Daniil Svetlov.
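The normalization step Daniil describes (different sources parsed into common fields, alert levels mapped onto one scale, every event landing in one store), as an added Python example that is not LightSIEM's own code. The OSSEC alert blocks and the Snort fast-format alert line are constructed samples; the `Event` field names, the 0-10 common severity scale and the OSSEC-level and Snort-priority mapping tables are my assumptions, not LightSIEM's actual schema or mappings.

```python
import re
from dataclasses import dataclass, asdict
from typing import List, Optional

# Common severity scale (assumption: 0 = informational, 10 = critical).
COMMON_MAX = 10
OSSEC_MAX_LEVEL = 15                                  # OSSEC rule levels run 0..15
SNORT_PRIORITY_TO_COMMON = {1: 9, 2: 6, 3: 3, 4: 1}   # Snort: 1 is most severe (illustrative mapping)


@dataclass
class Event:
    """Normalized event record; field names are assumptions, not LightSIEM's schema."""
    source: str
    timestamp: str
    rule_id: str
    description: str
    severity: int
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None


def ossec_level_to_common(level: int) -> int:
    """Scale an OSSEC level (0..15) proportionally onto the common 0..10 scale."""
    level = max(0, min(OSSEC_MAX_LEVEL, level))
    return round(level * COMMON_MAX / OSSEC_MAX_LEVEL)


def snort_priority_to_common(priority: int) -> int:
    """Map a Snort priority (1 = highest) onto the common scale; unknown values get 0."""
    return SNORT_PRIORITY_TO_COMMON.get(priority, 0)


OSSEC_TIME_RE = re.compile(r"^(\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) ", re.M)
OSSEC_RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '([^']*)'", re.M)
OSSEC_SRC_RE = re.compile(r"^Src IP: (\S+)", re.M)


def parse_ossec_alert(block: str) -> Optional[Event]:
    """Parse one multi-line OSSEC alert block (alerts.log style) into an Event."""
    rule = OSSEC_RULE_RE.search(block)
    if rule is None:
        return None                       # not an alert block we understand
    time = OSSEC_TIME_RE.search(block)
    src = OSSEC_SRC_RE.search(block)
    return Event(
        source="ossec",
        timestamp=time.group(1) if time else "",
        rule_id=rule.group(1),
        description=rule.group(3),
        severity=ossec_level_to_common(int(rule.group(2))),
        src_ip=src.group(1) if src else None,
    )


SNORT_FAST_RE = re.compile(
    r"^(\S+)\s+\[\*\*\] \[(\d+:\d+:\d+)\] (.*?) \[\*\*\]"
    r"(?: \[Classification: [^\]]*\])? \[Priority: (\d+)\] \{\w+\} (\S+) -> (\S+)$"
)


def parse_snort_fast(line: str) -> Optional[Event]:
    """Parse one Snort 'fast' alert line into an Event."""
    m = SNORT_FAST_RE.match(line.strip())
    if m is None:
        return None
    ts, sid, desc, prio, src, dst = m.groups()
    return Event(
        source="snort",
        timestamp=ts,
        rule_id=sid,
        description=desc,
        severity=snort_priority_to_common(int(prio)),
        src_ip=src.rsplit(":", 1)[0],     # drop the port
        dst_ip=dst.rsplit(":", 1)[0],
    )


def ingest(ossec_blocks: List[str], snort_lines: List[str]) -> List[dict]:
    """Normalize both feeds into one list of records (the 'single database'),
    most severe first, so a search or correlation rule need not care about the source."""
    events = [e for e in map(parse_ossec_alert, ossec_blocks) if e]
    events += [e for e in map(parse_snort_fast, snort_lines) if e]
    events.sort(key=lambda e: e.severity, reverse=True)
    return [asdict(e) for e in events]


# Constructed sample input (not captured from a real system).
SAMPLE_OSSEC = [
    "** Alert 1439221378.1234: - syslog,sshd,authentication_failed,\n"
    "2015 Aug 10 17:42:58 webhost->/var/log/auth.log\n"
    "Rule: 5716 (level 5) -> 'SSHD authentication failed.'\n"
    "Src IP: 192.0.2.10\n"
    "Aug 10 17:42:57 webhost sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2\n",
    "** Alert 1439221390.5678: mail - syslog,sshd,authentication_failures,\n"
    "2015 Aug 10 17:43:10 webhost->/var/log/auth.log\n"
    "Rule: 5712 (level 10) -> 'SSHD brute force trying to get access to the system.'\n"
    "Src IP: 192.0.2.10\n",
]
SAMPLE_SNORT = [
    "08/10-17:42:58.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:51234",
]

if __name__ == "__main__":
    for rec in ingest(SAMPLE_OSSEC, SAMPLE_SNORT):
        print(f"{rec['severity']:2d} {rec['source']:5s} {rec['rule_id']:10s} {rec['src_ip']} {rec['description']}")
```

Once both feeds share `src_ip` and `severity`, the question in the thread (where did the malware start spreading?) becomes a query over one table, for example grouping by `src_ip` and ordering by the earliest high-severity timestamp, rather than two separate log formats to read by hand.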
