Use of open-source software for the IR needs
Info_Sec_Wannabe
Senior MemberMember Posts: 400 ■■■□□□□□□□
For those using free/open-source software for your IR needs (e.g., Kibana/Lens, QRadar, Splunk, etc.), how effective was it for you?
We're a small organization (~20 head count) and considering implementing one. We're primarily offering outsourcing services to financial institutions, but simply don't have the resources to implement a commercial one.
Edit: Added context.
We're a small organization (~20 head count) and considering implementing one. We're primarily offering outsourcing services to financial institutions, but simply don't have the resources to implement a commercial one.
Edit: Added context.
Three year plan: (2018) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]
Tagged:
Answers
-
Info_Sec_Wannabe
Senior Member Member Posts: 400 ■■■□□□□□□□
-
bigdogz
Member Posts: 847 ■■■■■■■□□□
I used AlienVault and Splunk.Here is the URL for AlienVault... https://cybersecurity.att.com/products/ossimI prefer Splunk since I have been using it longer.I could go on about my laborious efforts but if you are serious about a SIEM, it will take at least 2 - 3 weeks to get the SEIM setup correctly. You need a dedicated person to be on top of your network. Another option is to use a consulting service.Good Luck!