Security Information and Event Management (SIEM) Forum

Ad84c32d 0949 42fe 8748 9a7444b3a48b avatar
Content Specialist
IT Central Station
Feb 12 2018
I'm a community manager here at IT Central Station and I'm doing some research to try to make our platform even better. I'd really appreciate it if you could answer a few quick questions. Was your research of SIEM products on our site for a purchase? If not, what was it for? Which product did you end up choosing and when did you finalize the purchase? Was IT Central Station content helpful in helping you make a decision? What other content or data could we have offered that would have helped you make a quicker/better decision? I really appreciate your help! Rhea
Anonymous avatar x80
Senior Consultant-Information Security at a tech services company with 51-200 employees
I would like to know the evaluation parameters and reviews for SIEM-Alien Vault and LogRhythm to implement in a banking environment in Gulf region.
Fdd16203 8ef5 4fdd afba 5f7acca6b477 avatar
Shaikh Jamal UddinIBM QRadar is the best option because they are using UBA for the quick detection of insider threats, targeted attack and financial fraud instead of tracking devices or security event by using machine learning algorithm.
Anonymous avatar x80
I do not have a business email address. How can I download PDFs?
Is there any comparison criteria on Tableau depicting SIEM vendors weaknesses and strengths?
E33191b8 2483 4097 8a5b 544231afccbf avatar
Security Analyst at a tech vendor with 51-200 employees
We're looking for real-life experience on behalf of a client in integrating QRadar data into Splunk ES, or Splunk/Splunk ES into QRadar or both into a 3rd option for PA/SA. This client has one of the largest and most complex networks among the federal agencies, currently is using both products in differing areas, and is looking for the best way forward, enterprise-wide.The vendors have been telling us that it can work either way, but we have yet to see a live case of this, and we've been looking for specifics on how to make this work, and work well. We don't have a dog in this fight, we just want the solution that makes the best sense, given the considerable sums already spent on both solutions, and the size and complexity of the networks involved.If you're a taxpayer, here's a chance to help save a lot of time and money.Appreciatively,Barry
I am looking for features comparison between AlienVault, SolarWinds LEM, HPE Arcsight, and any other similar enterprise grade products. Can you share a feature comparison document?
Da738069 743c 4c31 951e 2b0fdd4935ff avatar
FO Engineer at a comms service provider with 501-1,000 employees
Hi everyone,I would like to export Nessus Scanner reports into ArcSight ESM Console but I do not have any idea how to do this.  Can anyone help me, please? Sam
A5223938 eed9 42af 9f16 9a9bd1568f21 avatar
Content and Community Manager
IT Central Station
Recently, our user activity has shown that Splunk is the most commonly searched solution on our site.  3,643 of our community members follow Splunk, and it's listed in five of our product categories: Log Management, Data Visualization, IT Operations Analytics, and Security Information and Event Management (SIEM). What are some of the best features and use-cases of Splunk, and why are people explicitly searching for it to learn more?
Bdd785d9 4156 4288 b5a3 6ffdeb848ca9 avatar
Randall HindsI agree with Aaron & Tom on their points. Along their use cases, I have been able to show more than Log data in Splunk views. We tested several plug-ins during a small pilot, and we were able to bring O/S (Win/Unix/Linux) & APM data metrics into the same views as Logged data. I've seen others use it to visualize a wider range of data types, too. That said, Tom's point resonates with me. Their are better tools for visualization (ZoomData & Kibana come to mind), but as an aggregator Splunk has the most plug-in types out there. IF (big if) you have the $$ to support ingesting everything, you could theoretically pull data that lives in 40 or 400 source tools and thousands of hosts/systems into a single set of enterprise views. I am not fortunate enough to have that kind of budget though... After proving the concept in pilot, we had to dismantle our 'unified views' due to lack of funding.
Jean luc labbe li?1414333227
Jean-Luc LabbéGood log management solution you can use if you know what you ae looking for. Not a SIEM solution though even though customer should be aiming for solutions that go beyond what a SIEM does, that is, a Security Intelligence platform.
Anonymous avatar x30
Julio JimenezThe flexibility that it offers, One of the most powerful features of Splunk is its ability to extract fields from events when you search, creating structure out of unstructured data. It takes a small amount of “learning time” to start creating or getting searches that are meaningful to you. You can start “splunking” for free, which allows you to see the benefit. There is a ton of resources on the web, uses cases, and step by step instructions.

Sign Up with Email