Basic SIEM That Isn't $plunk
Long story short, I'm in a pretty small company that likes to bite off more than it can chew. We're slated to have some corrective actions on account of the fact that we acquired compliance with ISO 27001.
We don't have any log management nor any SIEM capabilities in place right now.
The auditor told us before that manually scanning for things is a full-time job on its own and wouldn't be adequate for two sysadmins (one being me) who are also handling other responsibilities on a daily basis.
Cue the need for a SIEM or at least something like it.
I've looked, and the cheapest options I've found are either open source or EventSentry.
Leadership seems really keen on having support for whatever we get because they don't want us being left in the dark.
I need to do more testing with Graylog before making a case for it, but does anyone know of any cheap (preferably free) hacks that just do basic things like:
- Real-time alerting
- Log management
- Admin/super user auditing
- Log protection (admins cannot delete them)
AFAIK, only a SIEM can provide these things fully. Being an admin, I can alter anything I provision within Windows.