Security Information and Event Management (SIEM) in open source
Tom Buskey
tom at buskey.name
Tue Jul 16 09:07:36 EDT 2013
On Mon, Jul 15, 2013 at 12:10 PM, Greg Rundlett (freephile) <
greg at freephile.com> wrote:
> I've become interested in Security Information and Event Management (SIEM)
> and comparing or learning more how open source products stand in the
> marketplace. This book http://www.amazon.com/books/dp/0071701095
> compares
> AlienVault OSSIM (which appears to operate on the freemium model)
> http://communities.alienvault.com/ with the other big players:
>
> - Cisco MARS http://www.cisco.com/en/US/products/ps6241/index.html
> - IBM QRadar http://www-03.ibm.com/software/products/us/en/qradar/
> - HP ArcSight
> http://www8.hp.com/us/en/software-solutions/software.html?compURI=1214365
>
Snare <http://sourceforge.net/projects/snare/> is a commercial product
with some open source parts. The Snare agents are open source and widely
used. Basically, they convert audit events to syslog, timestamp them and
throw them at a syslog server over TCP or UDP.
There are lots of OSSIM components in open source as well. Snort is an IDS
that comes to mind.
>
> -
>
> One not featured in the book, and the project that got me interested in
> the topic is OpenVAS http://www.openvas.org/
>
> Are there others?
>
> - OSSEC http://www.ossec.net/
> - sguil http://sguil.sourceforge.net/index.html
>
>
> Does anyone have insights to share on leading open source implementations
> of Security Assessment, or SIEM systems? Dr. Anton Chuvakin does.
> http://chuvakin.blogspot.com/2009/06/why-no-open-source-siem-ever.html
> He predicted 5 years ago that none would ever truly come to fruition due to
> multiple aspects of the domain which do not fit well with the open source
> model.
>
Log standards are so great that everyone has their own! And it's hard to
get people that operate on a need to know basis to share info.
>
>
> Greg Rundlett
>
> p.s. also rhetorically wondering why these big companies have such bad
> information architecture = ugly URLs
>