Use of open-source software for the IR needs
Info_Sec_Wannabe
Member Posts: 428 ■■■■□□□□□□
For those using free/open-source software for your IR needs (e.g., Kibana/Lens, QRadar, Splunk, etc.), how effective was it for you?
We're a small organization (~20 head count) and considering implementing one. We're primarily offering outsourcing services to financial institutions, but simply don't have the resources to implement a commercial one.
Edit: Added context.
X year plan: (20XX) OSCP [ ], CCSP [ ]
Best Answer
bigdogz Member Posts: 881 ■■■■■■■■□□
I used AlienVault and Splunk.
Here is the URL for AlienVault... https://cybersecurity.att.com/products/ossim
I prefer Splunk since I have been using it longer.
I could go on about my laborious efforts, but if you are serious about a SIEM, it will take at least 2 - 3 weeks to get the SIEM set up correctly. You need a dedicated person to be on top of your network. Another option is to use a consulting service.
Good Luck!
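As an added illustration (not part of bigdogz's answer or of any product's own rules) of the kind of correlation rule that the "2 - 3 weeks" of SIEM setup goes into writing and tuning, here is a minimal brute-force detector over sshd auth-log lines. The log lines, the threshold of 4 failures and the 5-minute window are all constructed for the example; OSSIM, Splunk and Security Onion each express the same logic in their own rule or search languages.

```python
"""
Added example: a minimal SIEM-style correlation rule in plain Python.
It parses constructed sshd auth-log lines and flags any source IP that
produces `threshold` or more failed logins inside a sliding time window.
Nothing here is taken from OSSIM, Splunk or Security Onion; the sample
lines, threshold and window are assumptions made for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the classic syslog/sshd format (syslog omits the year).
SAMPLE_LOG = """\
Mar 10 08:01:02 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:01:05 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 10 08:01:09 bastion sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
Mar 10 08:01:12 bastion sshd[2207]: Failed password for root from 203.0.113.7 port 51055 ssh2
Mar 10 08:01:20 bastion sshd[2209]: Accepted publickey for alice from 198.51.100.5 port 40122 ssh2
Mar 10 08:02:31 bastion sshd[2211]: Failed password for bob from 198.51.100.5 port 40130 ssh2
Mar 10 09:15:00 bastion sshd[2301]: Failed password for root from 203.0.113.7 port 51090 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd line into a dict, or return None for lines the rule ignores.

    `year` is an assumption: syslog timestamps carry no year, so a real
    pipeline would take it from the collector or from the file's mtime.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    # Collapse the double space syslog uses for single-digit days before strptime.
    stamp = " ".join(m["ts"].split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=4, window=timedelta(minutes=5)):
    """Return {source_ip: time_of_first_alert} for every IP that reaches
    `threshold` failed logins within any `window`-long sliding interval.

    Each IP is alerted on at most once, which is how a SIEM rule would
    normally be configured to avoid flooding the analyst queue.
    """
    recent_failures = defaultdict(list)  # ip -> timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["outcome"] != "Failed password":
            continue
        ip = ev["ip"]
        times = recent_failures[ip]
        times.append(ev["ts"])
        # Evict failures that fell out of the window relative to the newest event.
        while times and ev["ts"] - times[0] > window:
            times.pop(0)
        if len(times) >= threshold and ip not in alerts:
            alerts[ip] = ev["ts"]
    return alerts


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT brute force from {ip} at {when.isoformat()}")
```

Running it flags 203.0.113.7 at 08:01:12 (its fourth failure in ten seconds) and ignores both the lone failure from 198.51.100.5 and the later 09:15 failure, which falls outside the window. The tuning bigdogz describes is exactly the choice of threshold, window and which log sources feed the rule; in a SIEM these values are what separate a useful alert from noise.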
Answers
egrizzly Member Posts: 533 ■■■■■□□□□□
I'm following suit with bigdogz to recommend AT&T AlienVault OSSIM, which is open source. It is especially ideal as they have amassed excellent training for it on their website: https://cybersecurity.att.com/resource-center#product_ossim
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
stryder144 Member Posts: 1,684 ■■■■■■■■□□
You might also look into Security Onion, though I agree with bigdogz and egrizzly about AlienVault OSSIM.
The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia