topic Re: Best siem in General Topics

Best siem

jdprovine — Tue, 04 May 2021 12:51:48 GMT

Hello all its been a long time, since they took away my sentinel role I haven't been on here much. Does anyone have a recommendation for a siem?

Re: Best siem

BPry — Wed, 05 May 2021 03:00:08 GMT

Hey @jdprovine!

I'd say that it really depends on what you are looking to use it for, and how big of a budget you have.

Splunk will likely always be my go to solution due to the number of integrations that are readily available for it. The downside is that depending on the amount of data you are trying to index it can get fairly expensive. The major benefit with Splunk however is that the sheer number of plugins and integrations available for it allows you to get useful data and insight without investing a top of time or learning Splunk SPL to build proper queries.

Graylog is definitely my go to favorite lower-cost/free option. Graylog Enterprise will give you a supported instance, and the newer Graylog Illuminate option is pretty awesome and will integrate really well with your PAN equipment. If you don't have a budget to really work with, the free Graylog Open will give you a good SIEM solution that is well documented and has various integrations available for it without any cost outside of hardware.

Re: Best siem

jdprovine — Wed, 05 May 2021 13:07:42 GMT

I will definitely look into graylog and have you ever heard of ossim or suricatta

Re: Best siem

Mick_Ball — Wed, 05 May 2021 15:46:02 GMT

@jdprovine , sorry, can't help but what a blast from the past seeing you pop up...

Re: Best siem

jdprovine — Thu, 06 May 2021 20:49:58 GMT

@Mick_Ball hey how's it going? I still manage a PA and billion other things but since they removed my sentinel status I don't get on her much

Re: Best siem

Mick_Ball — Fri, 07 May 2021 09:00:46 GMT

@jdprovine , yes all is well, been very busy as our home worker count went from 2.5k to almost 8k overnight with the Covid stuff... not on here as much myself as most posts now are way beyond my tech ability, there are some helpful people on here... I do find it quite amusing that we pay tens of thousands of pounds to our support PA partner and they just seem to send back stuff that I already posted a while back... still if it all ran smoothly... I would be out of a job.

You take care..

Mick.