SIEMonster
-
I was looking for a centralized log monitoring option to monitor our entire infrastructure and found this during my search
https://n0where.net/open-source-security-incident-and-event-management
Product https://siemonster.com
Looks interesting
-
Cool names for their servers
Proteus
Tiamat
Hydra
Kraken
IkutursoThey all seem to be named after mythical sea beasts.
Ive not used this particular one though. -
I tried to run the aws image but was not successful, need to spend more time to test this.
-
From a REALLY quick look, it looks like this is ELK+ basically? It's SIEM built on top of the ELK stack, so not reinventing the wheel, just improving it?
-
@scottalanmiller said in SIEMonster:
From a REALLY quick look, it looks like this is ELK+ basically? It's SIEM built on top of the ELK stack, so not reinventing the wheel, just improving it?
Well, there is a shitton of room to improve because it is a pain in the ass to setup a good ELK stack well.
-
@jaredbusch said in SIEMonster:
@scottalanmiller said in SIEMonster:
From a REALLY quick look, it looks like this is ELK+ basically? It's SIEM built on top of the ELK stack, so not reinventing the wheel, just improving it?
Well, there is a shitton of room to improve because it is a pain in the ass to setup a good ELK stack well.
Don't remind me. Updating the Wazuh server I have running to Fedora 27 broke something with the integrations... so it remains on Fedora 26 until I can look into it further.
-
@jaredbusch said in SIEMonster:
@scottalanmiller said in SIEMonster:
From a REALLY quick look, it looks like this is ELK+ basically? It's SIEM built on top of the ELK stack, so not reinventing the wheel, just improving it?
Well, there is a shitton of room to improve because it is a pain in the ass to setup a good ELK stack well.
ELK is good stuff but yeah, sucks to install and has no user controls!
-
I don't have a spare bare metal or space on VMware to test this. When I tried on aws with a medium instance; this needs 5 instances to complete the setup, i got the warning that the resources doesn't meet the requirements. Didn't get a chance to explore further
-
@ambarishrh said in SIEMonster:
I don't have a spare bare metal or space on VMware to test this. When I tried on aws with a medium instance; this needs 5 instances to complete the setup, i got the warning that the resources doesn't meet the requirements. Didn't get a chance to explore further
Five seems excessive :)
-
And from the high level design document it looks like logstash grayling and elastic
-
@scottalanmiller said in SIEMonster:
@ambarishrh said in SIEMonster:
I don't have a spare bare metal or space on VMware to test this. When I tried on aws with a medium instance; this needs 5 instances to complete the setup, i got the warning that the resources doesn't meet the requirements. Didn't get a chance to explore further
Five seems excessive :)
