Security Onion as a SIEM #7487
Good afternoon all, I was wondering if anyone out there is using SO for their SIEM rather than just threat hunting and log aggregation? I was looking at the Elastic SIEM, but was wondering if it was worth the price if I can just use SO. Thanks,
Replies: 1 comment 1 reply
Sometimes SIEM means different things to different people, so you might start by defining exactly what features you're looking for. You could also try Security Onion and see if it gives you those features you need. If you need to later enable the Elastic SIEM inside Security Onion, you can certainly do that.