Open source threat intelligence for SMB

Hi
We service SMB marke and desperately trying to find some sort of SiEM / threat intelligence. Yverything that we looked at is just out of budget
Anything out there somewhat close to Splunk or Alienvalt?

What about www.openvas.org?

Please advice. We are small MSP
LVL 1
mavrukinAsked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
Already mentioned the AlienVault OSSIM, being open source, has community-supported threat intelligence feeds available. This is an option. I doubt the costing of other SIEMS is very much lower but you need their respective sales support to advise instead. Regardless, for your info
For example, LogRhythm Security Intelligence Platform is the only studied SIEM product that strongly supports all seven criteria. Close behind it is McAfee ESM and SolarWinds Log & Event Manager, followed by EMC RSA Security Analytics, HP ArcSight ESM, and Splunk Enterprise. Any of these products are strong candidates for enterprise usage. For organizations that cannot afford a full-fledged commercial SIEM product, the AlienVault OSSIM offers some basic SIEM capabilities with no software costs.
http://searchsecurity.techtarget.com/feature/Comparing-the-best-SIEM-systems-on-the-market
0
 
btanConnect With a Mentor Exec ConsultantCommented:
OpenVAS is not siems but more of vulnerability scanner like Nessus. But you are into siems than probably OSSIM which is open source coming for AlienVault.

You can see the difference btw the commercial tool from AlienVault see https://www.alienvault.com/resource-center/white-papers/ossim-vs-usm

Another is can ask for demo from Recordedfuture.

https://www.recordedfuture.com/services/intelligence/
0
 
mavrukinAuthor Commented:
Thank you
What do you think about security onion ?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
btanConnect With a Mentor Exec ConsultantCommented:
Not bad either esp if you are already running OSSEC for HIDS and Snort/Suricata/Bro for NIDS rule cum event driven detection. It does full capture with its sensor which SIEMS may not necessary have included that. It comes with analysis tools too which is quite well used in the open community. It covers server and client setup too. Check the architecture

https://github.com/Security-Onion-Solutions/security-onion/wiki/Architecture

They do have active community maintaining it so it does give good crebility but just need some hands on for beginner. If you need to have expertise to setup and managed the rule to reduce false positive then the good thing is they have commercial support too.
https://securityonionsolutions.com

You may also see Kiwisyslog for the log analysis and collection.
0
 
mavrukinAuthor Commented:
So can it be used as SiEM for SMB instead of Alienvalt?
0
 
btanConnect With a Mentor Exec ConsultantCommented:
Not entirely unless you are only looking at HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata
0
 
mavrukinAuthor Commented:
Is there anything there that is more affordable ?
0
 
btanExec ConsultantCommented:
As per advised.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.