Best siem

cancel
Showing results for 
Search instead for 
Did you mean: 

Best siem

L4 Transporter

Hello all its been a long time, since they took away my sentinel role I haven't been on here much. Does anyone have a recommendation for a siem?

5 REPLIES 5

Cyber Elite
Cyber Elite

Hey @jdprovine!

I'd say that it really depends on what you are looking to use it for, and how big of a budget you have.

 

Splunk will likely always be my go to solution due to the number of integrations that are readily available for it. The downside is that depending on the amount of data you are trying to index it can get fairly expensive. The major benefit with Splunk however is that the sheer number of plugins and integrations available for it allows you to get useful data and insight without investing a top of time or learning Splunk SPL to build proper queries. 

 

Graylog is definitely my go to favorite lower-cost/free option. Graylog Enterprise will give you a supported instance, and the newer Graylog Illuminate option is pretty awesome and will integrate really well with your PAN equipment. If you don't have a budget to really work with, the free Graylog Open will give you a good SIEM solution that is well documented and has various integrations available for it without any cost outside of hardware. 

I will definitely look into graylog and have you ever heard of ossim or suricatta

 

@jdprovine , sorry, can't help but what a blast from the past seeing you pop up...

 

 

@MickBall hey how's it going? I still manage a PA and billion other things but since they removed my sentinel status I don't get on her much

@jdprovine , yes all is well, been very busy as our home worker count went from 2.5k to almost 8k overnight with the Covid stuff...   not on here as much myself as most posts now are way beyond my tech ability, there are some helpful people on here...   I do find it quite amusing that we pay tens of thousands of pounds to our support PA partner and they just seem to send back stuff that I already posted a while back...   still if it all ran smoothly... I would be out of a job.

 

You take care..

 

Mick.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!