On Wed, Jul 18, 2012 at 1:12 AM, Chris Tizzano <[email protected]> wrote:
> You can look at WinRM to roll up events in a Windows environment with W2K8
> servers acting as collectors, then feed this into any SIEM, such as splunk.

Just to clarify - Splunk itself is more (to use their words) an "operational-intelligence" tool which you can turn into a SIEM either manually, or by some of their free apps or purchase of their Enterprise Security app (and similar security apps they offer).

Splunk is quite cool; its ability to index any "time-series" data (not necessarily just logs) makes it easily extensible and quite unique. Throw in a rich search/analytics language, and you can really go to town. Its price point is comparable to other OI/SIEM solutions, but everyone has their own opinion/needs there :)

Depending on the OP's needs, a lot of other vendors mentioned in this thread have some really good stuff as well, including the Open-Source solutions.

Chris.

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
