Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

SMB Security Event Management Tool
From: jsawyer at ufl.edu (John Sawyer)
Date: Wed, 8 Apr 2009 23:05:42 -0400

LogLogic has Lasso for the Windows Event Log to Syslog function but I  
don't think they have any free sort of SEM tool. You'll still need to  
push it to Splunk, Kiwi Syslog Daemon, OSSEC, or something that chews  
on syslog data.

The problem with almost all of those solutions is that they don't  
provide alerting. You have to go into the tool to search or run a  
report. If it were me, I'd probably go with OSSEC for the alerting  
functionality along with host integrity checking and active response.  
Then, use Splunk for a slick interface to dig deep into the alerts.  
There's some cool Splunk Applications over at SplunkBase with  
different focuses that would fit well here like the "Splunk for  
Windows Management."

-jhs

On Apr 8, 2009, at 10:26 PM, Vincent Lape wrote:

Have you looked @ loglogics?
On Apr 7, 2009, at 8:55 PM, Jim Manley wrote:

I'm looking for a security event management tool (log correlation,
auditing, etc.) that would be suitable for small/medium size business
environment.  The environments in which it would be deployed into are
primarily MS Windows with a smattering of Linux.

It doesn't need a lot of bells and whistles and it needs to be fairly
easy to set up and operate (the people doing the work are primarily
physical security types with the average user's knowledge).  Ideally
it
needs to trigger on Windows event manager and security manager codes
for
things like failed logins, etc.

Thanks,

Jim
aka oaa PDP/11


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]