Use of open-source software for the IR needs

For those using free/open-source software for your IR needs (e.g., Kibana/Lens, QRadar, Splunk, etc.), how effective was it for you?
We're a small organization (~20 head count) and considering implementing one. We're primarily offering outsourcing services to financial institutions, but simply don't have the resources to implement a commercial one.
Edit: Added context.
Best Answer
bigdogz (Senior Member, Posts: 881)
I used AlienVault and Splunk. Here is the URL for AlienVault: https://cybersecurity.att.com/products/ossim I prefer Splunk since I have been using it longer. I could go on about my laborious efforts, but if you are serious about a SIEM, it will take at least 2 - 3 weeks to get the SIEM set up correctly. You need a dedicated person to be on top of your network. Another option is to use a consulting service. Good Luck!
Answers
https://digital-forensics.sans.org
However, I was hoping to hear from those using open-source software for SIEM and log collection and analysis.
I'm following suit with bigdogz to recommend AT&T AlienVault OSSIM, which is open source. It is especially ideal as they have amassed excellent training for it on their website: https://cybersecurity.att.com/resource-center#product_ossim