
    ArcSight SIEM

    • IT-ADMIN

      Hi folks,

      Any advice regarding ArcSight SIEM? We want to have a SOC in order to have a full vision of what is going on in our environment, and management intends to buy ArcSight and is waiting for our approval.

      Has anyone already used it and is familiar with the use cases? Is it worth the investment?
      We are using the ELK stack (free version) just to be the first stage in order to define our needs and classify our network, but we can't continue to use it since it doesn't correlate events and send alarms in case of any attack.

      • IRJ

        ELK stack integrates with Wazuh and does an amazing job of correlating events. You get custom security dashboards and can monitor literally everything. The rule sets are very extensive with many correlations built in.

        It's FOSS and well supported by the community.

        https://wazuh.com/

        • stacksofplates

          I've used Graylog previously. We used limited amounts of the dashboards in Graylog and we mostly created our own in Grafana to display things we needed. The advantage of Graylog over Elastic Stack is that RBAC is included out of the box; you don't have to purchase X-Pack or custom build anything to get that functionality.

          But I don't believe it works natively with Wazuh like @IRJ mentioned.
