Hello, I am currently looking at my options for log management and event monitoring. OSSEC seems like a great open source option but I don't know how long it's going to take to get up and running.
The environment is comprised of 15-20 network components, including Linux VMs and firewalls. The team is technically skilled but we haven't worked with log management and event monitoring tools before, so if we did it ourselves there would be some learning on the job.

Questions:

1. How long do you think it will take to run up the OSSEC installation on 1 VM and get 15-20 network components configured?
2. How skilled does somebody need to be to do the work? Do they need specialist knowledge or is it all pretty standard stuff?
3. If we got in a pro who had set up tools like OSSEC before, how long should it take them?
4. Do you know how many threat signatures are provided out of the box? Like how many scenarios are pre-packaged for event monitoring?

I appreciate that I have given only general information about the environment and asked questions that relate to your individual experience, but any thoughts and experiences would be really helpful.

Thanks for your help,
GM
