Hi, Jaime!

I don't mean especially OSSIM.
I tried OSSIM and Prelude (Prewikka).
OSSIM can work only with a single user, and only with a limited number of OSSEC
agents.
The community version of Prewikka uses some kind of unoptimized SQL queries, so
the MySQL server can't answer quickly. It also has very poor visualizations.
And it seems that the new owners of Prelude have removed some functions from
the community version.



Tue, Aug 11, 2015 at 22:35, Jaime Blasco <jaime.bla...@alienvault.com>:

> If you are talking about OSSIM, it doesn't contain any limits and it is
> based on top of Open Source and free software as well. There are more than
> 10k installations worldwide, it is maintained by a company, and the core
> technology is used in a commercial product as well. It also gives you many
> more capabilities (Netflow, IDS, Vulnerability Scanning, Correlation, Asset
> discovery, IOC matching, etc.).
>
> Happy to answer any questions about OSSIM
>
> Regards
>
>
>
> On Tue, Aug 11, 2015 at 12:09 PM, Daniil Svetlov <svetlov.dan...@gmail.com
> > wrote:
>
>> Jason, LightSIEM maintains one database for all events. It's not important
>> from what sources they come. OSSEC and Snort logs go through a normalization
>> process, where they are parsed into special fields and alert levels are reduced
>> to a common scale.
>>
>> Answering your question: you need only one LightSIEM server for
>> building a SIEM.
>>
>> Also note that, unlike other "freeware" SIEMs, LightSIEM doesn't contain
>> any limits and is built on top of open-source and free software.
>>
>>
>> Mon, Aug 10, 2015 at 17:42, Grant Leonard <gr...@castraconsulting.com>:
>>
>>> A SIEM platform of any kind is a correlation tool for comparing and
>>> contrasting logs from disparate device types.
>>>
>>> As you have seen, 3 different folks provided 3 different answers and
>>> that will likely be true when talking with any professionals.
>>>
>>> For 200 devices, you will need a decent-size server. OSSIM (and
>>> ultimately AlienVault) has the OSSEC server running on its main server
>>> and remote sensor devices, allowing you to manually deploy OSSEC agents and
>>> control OSSEC agent configurations from a GUI as well as the command line.
>>>
>>> If you are only managing 200 servers and no other log feeds, OSSIM might
>>> be a good place to start as you will get some pre-canned ideas for writing
>>> subsequent rules/directives/escalations.
>>>
>>> If, however, you choose to add additional feeds, you might keep the 200+
>>> agents reporting to a remote sensor and use the server for just
>>> correlation/presentation. Your options are wide open, give it a try!
>>>
>>> https://www.alienvault.com/products/ossim
>>>
>>>
>>> Grant Leonard
>>> Castra Consulting, LLC <http://castraconsulting.com/#/>
>>> 919-949-4002
>>>
>>> On Sun, Aug 9, 2015 at 10:46 AM, 'Jason Long' via ossec-list <
>>> ossec-list@googlegroups.com> wrote:
>>>
>>>> Thank you.
>>>> Grant, can you give me more information? I want to implement a SIEM for
>>>> a Windows network with 200 clients. Which requirements are needed?
>>>>
>>>>
>>>>
>>>> On Saturday, August 8, 2015 8:58 PM, Grant Leonard <
>>>> gr...@castraconsulting.com> wrote:
>>>>
>>>>
>>>> Try Alienvault or OSSIM, they both make good use of OSSEC and add
>>>> additional tools you will need for detecting the spread of malware
>>>>
>>>> On Friday, August 7, 2015 at 6:40:54 AM UTC-4, Jason Long wrote:
>>>>
>>>> Hello Experts.
>>>> How can I launch a SIEM for my local network and find the spread point
>>>> of malware in my local network?
>>>> Any idea? Please let me know which tools are needed.
>>>>
>>>>
>>>> Thank you.
>>>>
>>>> --
>>>>
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "ossec-list" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to ossec-list+unsubscr...@googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>>
>> --
>> Best regards, Daniil Svetlov.
>>
>
>
>
> --
> _______________________________
>
> Jaime Blasco
>
> Vice President and Chief Scientist
>
> www.alienvault.com
> https://www.alienvault.com/open-threat-exchange
> Email: jaime.bla...@alienvault.com
>
> http://twitter.com/jaimeblascob
>
--
Best regards, Daniil Svetlov.
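The normalization step Daniil describes earlier in the thread (OSSEC and Snort alerts parsed into common fields, with their alert levels rescaled onto one severity scale) is the kind of thing a small SIEM does before anything lands in its single event database. The following is an added illustration written for this thread; it is not LightSIEM's code, and the `Event` schema, the 0..10 common scale, the OSSEC-level and Snort-priority mappings, and the two sample alerts are all assumptions constructed for the example. The OSSEC block follows the `alerts.log` layout and the Snort line follows the "fast" alert format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Common severity scale used by this example: 0 (informational) .. 10 (critical).
# OSSEC rule levels run 0..15; Snort priorities run 1 (highest) .. 4 (lowest).
# Both mappings below are assumptions chosen for the example, not LightSIEM's own.
SNORT_PRIORITY_TO_COMMON = {1: 10, 2: 7, 3: 4, 4: 1}


def ossec_level_to_common(level: int) -> int:
    """Linear rescale of an OSSEC rule level (0..15) onto 0..10."""
    return round(max(0, min(level, 15)) * 10 / 15)


@dataclass
class Event:
    source: str              # "ossec" or "snort"
    timestamp: str           # kept exactly as the source wrote it
    src_ip: Optional[str]
    dst_ip: Optional[str]
    rule_id: str             # prefixed with the source so rule ids never collide
    message: str
    severity: int            # common 0..10 scale


# OSSEC alerts.log block: "** Alert" header, agent/host line, "Rule:" line, optional "Src IP:".
OSSEC_HEADER_RE = re.compile(r"^\*\* Alert (?P<ts>\d+)\.\d+:")
OSSEC_HOST_RE = re.compile(r"^\d{4} \w{3} \d{1,2} [\d:]+ \((?P<agent>[^)]+)\) (?P<ip>\S+)->", re.M)
OSSEC_RULE_RE = re.compile(r"^Rule: (?P<rule>\d+) \(level (?P<level>\d+)\) -> '(?P<msg>.*)'", re.M)
OSSEC_SRC_RE = re.compile(r"^Src IP: (?P<ip>\S+)", re.M)

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, classification, priority, proto, src -> dst.
SNORT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r"(?: \[Classification: [^\]]*\])? \[Priority: (?P<prio>\d)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)


def parse_ossec(block: str) -> Event:
    block = block.strip()
    header = OSSEC_HEADER_RE.search(block)
    rule = OSSEC_RULE_RE.search(block)
    if not header or not rule:
        raise ValueError("not an OSSEC alert block")
    host = OSSEC_HOST_RE.search(block)
    src = OSSEC_SRC_RE.search(block)
    return Event(
        source="ossec",
        timestamp=header.group("ts"),
        src_ip=src.group("ip") if src else None,
        # The reporting agent's IP is treated as the destination (assumption for this example).
        dst_ip=host.group("ip") if host else None,
        rule_id="ossec:" + rule.group("rule"),
        message=rule.group("msg"),
        severity=ossec_level_to_common(int(rule.group("level"))),
    )


def parse_snort(line: str) -> Event:
    m = SNORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a Snort fast-format alert line")
    return Event(
        source="snort",
        timestamp=m.group("ts"),
        src_ip=m.group("src"),
        dst_ip=m.group("dst"),
        rule_id="snort:%s:%s:%s" % (m.group("gid"), m.group("sid"), m.group("rev")),
        message=m.group("msg"),
        severity=SNORT_PRIORITY_TO_COMMON.get(int(m.group("prio")), 1),
    )


PARSERS = {"ossec": parse_ossec, "snort": parse_snort}


def normalize_all(records: List[Tuple[str, str]]) -> List[Event]:
    """Parse (source, raw) pairs into Events and order them by common severity, highest first."""
    events = []
    for source, raw in records:
        if source not in PARSERS:
            raise ValueError("unknown source: %s" % source)
        events.append(PARSERS[source](raw))
    return sorted(events, key=lambda e: e.severity, reverse=True)


# Constructed sample input for the example (not taken from any real system).
OSSEC_SAMPLE = """\
** Alert 1439285400.12345: - syslog,sshd,authentication_failed,
2015 Aug 11 10:30:00 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.7
Aug 11 10:30:00 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 4412 ssh2
"""

SNORT_SAMPLE = ("08/11-10:30:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
                "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:80 -> 10.0.0.5:51234")

if __name__ == "__main__":
    for ev in normalize_all([("ossec", OSSEC_SAMPLE), ("snort", SNORT_SAMPLE)]):
        print(ev)
```

With these two samples the Snort alert (priority 2, common severity 7) sorts ahead of the OSSEC alert (level 5, common severity 3), which is the point of the common scale: once both feeds share one severity axis and one IP field layout, a single query over the shared store can rank and correlate them regardless of which sensor produced the record.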

