I'd say that it really depends on what you are looking to use it for, and how big of a budget you have.
Splunk will likely always be my go-to solution due to the number of integrations that are readily available for it. The downside is that, depending on the amount of data you are trying to index, it can get fairly expensive. The major benefit with Splunk, however, is that the sheer number of plugins and integrations available for it allows you to get useful data and insight without investing a ton of time or learning Splunk SPL to build proper queries.
Graylog is definitely my go-to favorite lower-cost/free option. Graylog Enterprise will give you a supported instance, and the newer Graylog Illuminate option is pretty awesome and will integrate really well with your PAN equipment. If you don't have a budget to really work with, the free Graylog Open will give you a good SIEM solution that is well documented and has various integrations available for it without any cost outside of hardware.
@jdprovine, yes all is well, been very busy as our home worker count went from 2.5k to almost 8k overnight with the Covid stuff... not on here as much myself as most posts now are way beyond my tech ability, but there are some helpful people on here... I do find it quite amusing that we pay tens of thousands of pounds to our support PA partner and they just seem to send back stuff that I already posted a while back... still, if it all ran smoothly... I would be out of a job.
You take care.