I've become interested in Security Information and Event Management (SIEM) and in comparing, or learning more about, how open source products stand in the marketplace.

This book http://www.amazon.com/books/dp/0071701095 compares AlienVault OSSIM (which appears to operate on the freemium model) http://communities.alienvault.com/ with the other big players:

- Cisco MARS http://www.cisco.com/en/US/products/ps6241/index.html
- IBM QRadar http://www-03.ibm.com/software/products/us/en/qradar/
- HP ArcSight http://www8.hp.com/us/en/software-solutions/software.html?compURI=1214365

One not featured in the book, and the project that got me interested in the topic, is OpenVAS http://www.openvas.org/

Are there others?

- OSSEC http://www.ossec.net/
- sguil http://sguil.sourceforge.net/index.html

Does anyone have insights to share on leading open source implementations of Security Assessment or SIEM systems?

Dr. Anton Chuvakin does. http://chuvakin.blogspot.com/2009/06/why-no-open-source-siem-ever.html He predicted 5 years ago that none would ever truly come to fruition due to multiple aspects of the domain which do not fit well with the open source model.

Greg Rundlett

p.s. also rhetorically wondering why these big companies have such bad information architecture = ugly URLs