SMB Security Event Management Tool
From: jsawyer at ufl.edu (John Sawyer)
Date: Wed, 8 Apr 2009 23:05:42 -0400
LogLogic has Lasso for the Windows Event Log to Syslog function but I
don't think they have any free sort of SEM tool. You'll still need to
push it to Splunk, Kiwi Syslog Daemon, OSSEC, or something that chews
on syslog data.
The problem with almost all of those solutions is that they don't
provide alerting. You have to go into the tool to search or run a
report. If it were me, I'd probably go with OSSEC for the alerting
functionality along with host integrity checking and active response.
Then, use Splunk for a slick interface to dig deep into the alerts.
There are some cool Splunk Applications over at SplunkBase with
different focuses that would fit well here like the "Splunk for
On Apr 8, 2009, at 10:26 PM, Vincent Lape wrote:
Have you looked @ loglogics?
On Apr 7, 2009, at 8:55 PM, Jim Manley wrote:
I'm looking for a security event management tool (log correlation,
auditing, etc.) that would be suitable for a small/medium-size business
environment. The environments in which it would be deployed are
primarily MS Windows with a smattering of Linux.
It doesn't need a lot of bells and whistles and it needs to be fairly
easy to set up and operate (the people doing the work are primarily
physical security types with the average user's knowledge). Ideally it
needs to trigger on Windows Event Manager and Security Manager codes,
things like failed logins, etc.
aka oaa PDP/11
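Added illustration (not from the thread, and not OSSEC's or Splunk's own rules): the kind of alerting logic Jim asks for and John says the search-oriented tools lack, run over Windows Security events after they have been forwarded to syslog. The log line format below is constructed for this example and is not the output of Lasso or any particular forwarder; the Event IDs are the real ones for failed logon (529 on Windows 2000/XP/2003, 4625 on Vista/2008 and later) and account lockout (644 and 4740). It fires one alert when a single source IP produces five or more failed logons inside a two-minute window, and an immediate alert on any lockout.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: Windows Security events as a syslog forwarder
# might emit them. The "host Security: <EventID>: <text> key=value..." layout
# is an assumption for this example, not a real product's format.
SAMPLE_LOGS = """\
Apr  8 22:01:03 dc01 Security: 4625: Logon Failure user=jdoe src=10.0.0.57 reason=bad_password
Apr  8 22:01:09 dc01 Security: 4625: Logon Failure user=jdoe src=10.0.0.57 reason=bad_password
Apr  8 22:01:15 dc01 Security: 4625: Logon Failure user=admin src=10.0.0.57 reason=unknown_user
Apr  8 22:01:20 dc01 Security: 4624: Logon Success user=msmith src=10.0.0.12
Apr  8 22:01:44 fs01 Security: 529: Logon Failure user=msmith src=10.0.0.12 reason=bad_password
Apr  8 22:02:01 dc01 Security: 4625: Logon Failure user=administrator src=10.0.0.57 reason=bad_password
Apr  8 22:02:07 dc01 Security: 4625: Logon Failure user=backup src=10.0.0.57 reason=bad_password
Apr  8 22:03:30 dc01 Security: 4740: Account Locked Out user=jdoe src=10.0.0.57
this line is not a security event and is skipped
"""

# Windows Security Event IDs: old (2000/XP/2003) and new (Vista/2008+) numbering.
FAILED_LOGON_IDS = {"529", "4625"}
LOCKOUT_IDS = {"644", "4740"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"Security: (?P<eid>\d+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line, year=2009):
    """Parse one forwarded event; return None for lines that are not events.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    fields = dict(KV_RE.findall(m["msg"]))
    return {"ts": ts, "host": m["host"], "eid": m["eid"], **fields}


def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Return alerts in the order they fire.

    - failed_logon_burst: >= threshold failed logons from one source IP
      within `window` (sliding, per source); the counter resets after firing
      so a continuing attack produces one alert per `threshold` failures.
    - account_lockout: any lockout event, alerted immediately."""
    alerts = []
    recent = defaultdict(deque)  # src IP -> timestamps of recent failures
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["eid"] in LOCKOUT_IDS:
            alerts.append({"rule": "account_lockout", "host": ev["host"],
                           "user": ev.get("user"), "src": ev.get("src"),
                           "ts": ev["ts"]})
        elif ev["eid"] in FAILED_LOGON_IDS:
            src = ev.get("src", "unknown")
            q = recent[src]
            q.append(ev["ts"])
            # Drop failures that fell out of the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.append({"rule": "failed_logon_burst", "host": ev["host"],
                               "src": src, "count": len(q), "ts": ev["ts"]})
                q.clear()
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS.splitlines()):
        print(f"{a['ts']:%H:%M:%S} {a['rule']} on {a['host']}: "
              f"{a.get('src')} {a.get('user') or ''} {a.get('count') or ''}".rstrip())
```

On the constructed input this yields two alerts: a burst from 10.0.0.57 (five failures across several account names in about a minute, the pattern a password-guessing run leaves) and the lockout of jdoe. The one failure from 10.0.0.12 never reaches the threshold, and the successful logon (4624) is not counted. A real deployment would also key on the target account, since a spray across many accounts from many hosts keeps each per-source count low.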