ArcSight SIEM
-
Hi folks
Any advice regarding ArcSight SIEM? We want to have a SOC in order to have full visibility of what is going on in our environment, and management intends to buy ArcSight and is waiting for our approval.
Has anyone already used it and is familiar with the use cases? Is it worth the investment?
We are using the ELK stack (free version) just as a first stage to define our needs and classify our network, but we can't continue to use it since it doesn't correlate events and send alarms in case of an attack.
-
The ELK stack integrates with Wazuh and does an amazing job of correlating events. You get custom security dashboards and can monitor literally everything. The rule sets are very extensive with many correlations built in.
It's FOSS and well supported by the community.
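Added illustration, not code from this thread or from Wazuh or Elastic: a minimal version of the kind of event correlation the reply above attributes to Wazuh rules. It counts sshd failures for non-existent users per source IP inside a sliding time window, the same frequency/timeframe/same_source_ip idea a Wazuh rule expresses in XML; the log lines and the assumed year 2024 are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

YEAR = 2024  # syslog lines carry no year; one is assumed so timestamps compare (assumption)

# sshd failures for non-existent accounts: captures timestamp, user, source IP.
FAILED_LOGIN = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for invalid user (\S+) from (\S+) port \d+"
)
# Constructed sample log: five failures from one source within a minute,
# two from another source four minutes apart, and one successful key login.
SAMPLE_LOG = """\
Mar 10 10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 50001 ssh2
Mar 10 10:00:05 host1 sshd[2002]: Failed password for invalid user test from 203.0.113.7 port 50002 ssh2
Mar 10 10:00:09 host1 sshd[2003]: Failed password for invalid user oracle from 203.0.113.7 port 50003 ssh2
Mar 10 10:00:12 host1 sshd[2004]: Failed password for invalid user guest from 203.0.113.7 port 50004 ssh2
Mar 10 10:00:20 host1 sshd[2005]: Failed password for invalid user backup from 203.0.113.7 port 50005 ssh2
Mar 10 10:00:30 host1 sshd[2006]: Failed password for invalid user admin from 198.51.100.9 port 50006 ssh2
Mar 10 10:00:40 host1 sshd[2008]: Accepted publickey for deploy from 192.0.2.5 port 50008 ssh2
Mar 10 10:05:00 host1 sshd[2007]: Failed password for invalid user admin from 198.51.100.9 port 50007 ssh2
"""

def correlate(log_text, frequency=5, timeframe=60):
    """One alert per source IP once `frequency` matching events fall within
    `timeframe` seconds (sliding window per source, like a Wazuh rule's
    frequency/timeframe/same_source_ip); the window resets after firing."""
    windows = defaultdict(deque)  # srcip -> timestamps of recent matches
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if not m:
            continue  # unrelated event, not part of this correlation
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = windows[m.group(3)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > timeframe:  # age out old events
            window.popleft()
        if len(window) >= frequency:
            alerts.append({
                "srcip": m.group(3),
                "count": len(window),
                "first_seen": window[0].isoformat(),
                "last_seen": ts.isoformat(),
                "description": "sshd: repeated logins for non-existent users from one source",
            })
            window.clear()
    return alerts
```

With the defaults only 203.0.113.7 fires (five failures in 19 seconds); 198.51.100.9 never reaches the threshold because its two failures are 270 seconds apart.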
-
I've used Graylog previously. We used limited amounts of the dashboards in Graylog and we mostly created our own in Grafana to display things we needed. The advantage of Graylog over the Elastic Stack is that RBAC is included out of the box; you don't have to purchase X-Pack or custom-build anything to get that functionality.
But I don't believe it works natively with Wazuh like @IRJ mentioned.