I serve a number of peer-to-peer networks with Windows workstations and a variety of firewalls.
So, the focus of this question is on peer-to-peer networks - as there are many in operation and they represent an important market segment.
And, for now, I want to focus on the Juniper Networks SRX240 firewall - when that makes sense in the discussion.
I need to do things like detect anomalous activities, monitor for unauthorized users and devices, set alerts for infosec incidents, monitor performance as a risk indicator, etc.
I will accept that the capabilities are limited in a peer-to-peer network architecture - but won't give up using that as an excuse.
So please don't use up space and energy lecturing about changing the world (i.e. architectures). It is what it is. We work with what we're handed. :-)
I see that there are a variety of products that will gather, analyze, report and alert.
I'm wondering which such products are good for a small network with a limited budget?
I'm currently using PRTG for network performance monitoring using SNMP for the network devices. The sites are small enough that the free version is fine.
I like PRTG because it makes setup for performance monitoring easy. But I'm willing to try other things where they might make sense.
(I tried Spiceworks once upon a time and found it too strange for me. Maybe I didn't give it enough time.)
Going into this, I see ManageEngine EventLog Analyzer...
I am the IT staff for each system - so obviously part-time and mostly on call except for monitoring things like this which have to be handled ongoing. So I generally don't have the luxury to develop capabilities that take a lot of time to get up and running. There is limited time for "development".
I'm just starting this adventure so any suggestions, pointers, etc. would be appreciated!
Things I can imagine:
SRX logs with things like DoS attacks logged and collected.
Windows local logins logged and collected.