Solved

Open source threat intelligence for SMB

Posted on 2016-10-02
8
40 Views
Last Modified: 2016-10-22
Hi
We service SMB marke and desperately trying to find some sort of SiEM / threat intelligence. Yverything that we looked at is just out of budget
Anything out there somewhat close to Splunk or Alienvalt?

What about www.openvas.org?

Please advice. We are small MSP
0
Comment
Question by:mavrukin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41825715
OpenVAS is not siems but more of vulnerability scanner like Nessus. But you are into siems than probably OSSIM which is open source coming for AlienVault.

You can see the difference btw the commercial tool from AlienVault see https://www.alienvault.com/resource-center/white-papers/ossim-vs-usm

Another is can ask for demo from Recordedfuture.

https://www.recordedfuture.com/services/intelligence/
0
 
LVL 1

Author Comment

by:mavrukin
ID: 41825759
Thank you
What do you think about security onion ?
0
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41825857
Not bad either esp if you are already running OSSEC for HIDS and Snort/Suricata/Bro for NIDS rule cum event driven detection. It does full capture with its sensor which SIEMS may not necessary have included that. It comes with analysis tools too which is quite well used in the open community. It covers server and client setup too. Check the architecture

https://github.com/Security-Onion-Solutions/security-onion/wiki/Architecture

They do have active community maintaining it so it does give good crebility but just need some hands on for beginner. If you need to have expertise to setup and managed the rule to reduce false positive then the good thing is they have commercial support too.
https://securityonionsolutions.com

You may also see Kiwisyslog for the log analysis and collection.
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 
LVL 1

Author Comment

by:mavrukin
ID: 41825893
So can it be used as SiEM for SMB instead of Alienvalt?
0
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41825898
Not entirely unless you are only looking at HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata
0
 
LVL 1

Author Comment

by:mavrukin
ID: 41825899
Is there anything there that is more affordable ?
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41825978
Already mentioned the AlienVault OSSIM, being open source, has community-supported threat intelligence feeds available. This is an option. I doubt the costing of other SIEMS is very much lower but you need their respective sales support to advise instead. Regardless, for your info
For example, LogRhythm Security Intelligence Platform is the only studied SIEM product that strongly supports all seven criteria. Close behind it is McAfee ESM and SolarWinds Log & Event Manager, followed by EMC RSA Security Analytics, HP ArcSight ESM, and Splunk Enterprise. Any of these products are strong candidates for enterprise usage. For organizations that cannot afford a full-fledged commercial SIEM product, the AlienVault OSSIM offers some basic SIEM capabilities with no software costs.
http://searchsecurity.techtarget.com/feature/Comparing-the-best-SIEM-systems-on-the-market
0
 
LVL 64

Expert Comment

by:btan
ID: 41855076
As per advised.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question