Use of open-source software for the IR needs

For those using free/open-source software for your IR needs (e.g., Kibana/Lens, QRadar, Splunk, etc.), how effective was it for you?

We're a small organization (~20 head count) and considering implementing one. We're primarily offering outsourcing services to financial institutions, but simply don't have the resources to implement a commercial one.

Edit: Added context.

Find more posts tagged with

cybersecurity tools

incident response

Accepted answers

bigdogz

I used AlienVault and Splunk.

Here is the URL for AlienVault... https://cybersecurity.att.com/products/ossim

I prefer Splunk since I have been using it longer.

I could go on about my laborious efforts but if you are serious about a SIEM, it will take at least 2 - 3 weeks to get the SEIM setup correctly. You need a dedicated person to be on top of your network. Another option is to use a consulting service.

Good Luck!

All comments

Mike7

You can check out the resources at
https://digital-forensics.sans.org

Info_Sec_Wannabe

Mike7 said:

You can check out the resources at
https://digital-forensics.sans.org

Appreciate the feedback, @Mike7.

However, I was hoping to hear from those using open-source software for SIEM and log collection and analysis.

bigdogz

I used AlienVault and Splunk.

Here is the URL for AlienVault... https://cybersecurity.att.com/products/ossim

I prefer Splunk since I have been using it longer.

Good Luck!

egrizzly

I'm following suite with bigdogz to recommend AT&T AlienVault OSSIM which is open source. It is especially ideal as they have amassed excellent training for it on their website https://cybersecurity.att.com/resource-center#product_ossim

stryder144

You might also look into Security Onion, though I agree with bigdogz and egrizzly about AlienVault OSSIM.