Educause Security Discussion mailing list archives

Re: SIEM


From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Thu, 28 Apr 2011 17:42:48 -0400

On 04/28/2011 05:23 PM, Rob Milman wrote:
> Hi all,
>
> I’ve been asked to evaluate products in order to implement a SIEM
> solution for our core infrastructure. What, if any, SIEM solutions are
> working for you? Is anyone using OSSIM by AlienVault?

I've been running OSSIM in a limited test environment for a couple of
months. Capsule description - it's a nice product, but it's tough to
find decent documentation, and the integration between some of the parts
is brittle and pretty easy to break. For example, I completely wrecked
the OpenVAS GUI by trying to install the latest version of OpenVAS.

If you're already running snort, OpenVAS, ntop, etc. in your environment
and would like a unified console for accessing all of these disparate
tools, it's pretty nice. If you're looking for commercial quality
correlation analysis and other "higher" SIEM benefits, I don't think
it's quite there yet.

-- 
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg
