Dan asked:

Looking for a good SIEM solution

I am looking at Splunk for my SIEM solution, but am open to others that are hopefully easier to use. Does anyone recommend anything other than Splunk that is easy to use and configure?
I don't have a lot of time to spend figuring out how to use a new platform, so I'm looking for a good solution, decently priced and easy to use.

Any suggestions?
Tags: Networking Hardware-Other, Networking, Network Security, Security


8/22/2022 - Mon
Jazz Marie Kaur

I would go with SolarWinds, it's worth the cost.
madunix

SIEM solution is essential to detect and monitor your intrusion points for security incidents, help you prevent cyber threats, and minimize data breaches. You could start with an open-source SIEM tool for a better understanding of the concept behind SIEM.

Ensure you have enough in-house expert skills to know what kind of use cases to configure in your SIEM. The most challenging will be the scoping of the monitoring devices, fine-tuning the rules, and maintaining the skillset for your SOC team.

https://www.dnsstuff.com/free-siem-tools/
https://logz.io/blog/open-source-siem-tools/
https://www.experts-exchange.com/articles/32316/What-Gives-SIEM-a-Good-Name.html
Dan (asker)

So I don't have a SOC team, I'm the only network engineer, and will be the only person managing the solution. I've been looking at Splunk, I like the apps it has, and wanted to see if there's anything better out there. It's a bit complex and there's a learning curve, so I didn't know if there are others that are easier to use, but just as powerful?
Philip Elder

I've seen some that use Perch.
Microsoft's Advanced Threat Protection and security services suite within their E5 subscription may also meet the needs if already subscribed.

Edit: Given the huge holes found in SolarWinds over the years, including recently ... not so sure about that one.
madunix

Would you mind checking the Gartner quadrant on SIEM? Splunk is one of the best. Make sure whatever you choose as a solution is in the "Leaders" quadrant of the Gartner Magic Quadrant for SIEM. As you know, there are many vendors to choose from in the list. But it all depends on the entities you want to monitor as well. Cost depends on which vendor you choose: more cost, more capabilities; less cost, fewer capabilities.
 
The SIEM solution should address all the major SIEM use cases, including:
  • Log management
  • Incident investigations and workflow
  • Incident Response
  • Forensics
  • Security and compliance reporting and visualizations
  • Real-time monitoring and alerting on both known and unknown (APT) threats
  • Ability to do cross-data source correlations to detect specific patterns
  • Long-term data retention
  • Software should be easily installed and managed
  • Should have available data collectors for popular data sources
  • Can be used for major regulations and frameworks including PCI, SOX, NIST 800-53, ISO 27002, COBIT, SSAE 16
 
 
https://www.elastic.co/blog/elastic-security-recognized-in-gartner-magic-quadrant-for-siem
 
Dan (asker), accepted solution
