[Discuss] Security Information and Event Management (SIEM) in open source
Greg Rundlett (freephile)
greg at freephile.com
Mon Jul 15 12:10:55 EDT 2013
I've become interested in Security Information and Event Management (SIEM)
and comparing, or learning more about, how open source products stand in the
marketplace. This book http://www.amazon.com/books/dp/0071701095 compares
AlienVault OSSIM (which appears to operate on the freemium model)
http://communities.alienvault.com/ with the other big players:
- Cisco MARS http://www.cisco.com/en/US/products/ps6241/index.html
- IBM QRadar http://www-03.ibm.com/software/products/us/en/qradar/
- HP ArcSight
http://www8.hp.com/us/en/software-solutions/software.html?compURI=1214365
One not featured in the book, and the project that got me interested in the
topic, is OpenVAS http://www.openvas.org/
Are there others?
- OSSEC http://www.ossec.net/
- sguil http://sguil.sourceforge.net/index.html
Does anyone have insights to share on leading open source implementations
of Security Assessment, or SIEM systems? Dr. Anton Chuvakin does.
http://chuvakin.blogspot.com/2009/06/why-no-open-source-siem-ever.html He
predicted 5 years ago that none would ever truly come to fruition due to
multiple aspects of the domain which do not fit well with the open source
model.
Greg Rundlett
P.S. I'm also rhetorically wondering why these big companies have such bad
information architecture (= ugly URLs).