2014-05-07 20:11:00 UTC

Has anyone got experience in deployment of a SIEM solution?


Has anyone got experience in deployment of a SIEM solution using either McAfee Nitro or IBM Qradar or AlienVault USM? 

I am looking to understand the pitfalls associated. I find that the vendor documentation is often short on specifics in relation to the overall components needed and am concerned that there is a nasty expensive surprise waiting for me.

Guest
99 Answers

Consultant

This tool can help you both with the implementation and post-implementation phase. Health Check Framework (HCF) for IBM QRadar: https://www.scnsoft.com/services/security-intelligence-services/health-check-framework-for-ibm-qradar-siem
HCF allows you to automate certain things within your deployment, troubleshoot performance issues and fine-tune the solution.

2017-04-04 14:24:13 UTC
Consultant

I have implemented IBM QRadar; it's the simplest to install and configure.
Install, add log sources, create use cases as per your needs, and QRadar will log all the events and network activity.
You can then perform forensics as well as vulnerability scans.

2016-04-26 19:13:12 UTC
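The answers above agree that the real work is the "create use cases" step: a correlation rule tuned to your own log sources and thresholds rather than the vendor's built-in content. The following is an added illustration, not code from the question, from any of the answers, or from QRadar, Nitro or AlienVault: a minimal brute-force-then-success use case run over constructed SSH-style auth log lines. The log format, the `sshd:` prefix, the IP addresses, the threshold of 5 failures and the 60-second window are all assumptions chosen for the example; a real deployment would take these from its own sources and tuning.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log (not real data, not any vendor's format).
SAMPLE_LOG = """\
2024-01-10T09:00:01 sshd: Failed password for admin from 203.0.113.7
2024-01-10T09:00:04 sshd: Failed password for admin from 203.0.113.7
2024-01-10T09:00:06 sshd: Failed password for root from 203.0.113.7
2024-01-10T09:00:09 sshd: Failed password for admin from 203.0.113.7
2024-01-10T09:00:12 sshd: Failed password for admin from 203.0.113.7
2024-01-10T09:00:15 sshd: Accepted password for admin from 203.0.113.7
2024-01-10T09:05:00 sshd: Failed password for alice from 198.51.100.2
2024-01-10T09:30:00 sshd: Failed password for alice from 198.51.100.2
2024-01-10T09:31:00 sshd: Accepted password for alice from 198.51.100.2
this line is noise the parser must skip
"""

# Assumed line shape: "<ISO timestamp> sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line):
    """Turn one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Use case: at least `threshold` failed logins from one source inside a
    sliding window of `window_s` seconds, followed by a successful login from
    that same source. Returns a list of alert dicts (empty if nothing fires).
    Both parameters are the tuning knobs an organisation would adjust."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue  # unparsed lines are skipped, not fatal
        q = failures[ev["src"]]
        # Expire failures that fall outside the window relative to this event.
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(q),
                "ts": ev["ts"].isoformat(),
            })
            q.clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the constructed input only 203.0.113.7 fires: five failures in 14 seconds and then a success. The two failures from 198.51.100.2 are 25 minutes apart, so the first has expired before the second arrives and no alert is raised; raising `window_s` or lowering `threshold` would change that, which is exactly the per-organisation tuning the answers describe.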
Top Reviewer, Top 5, Consultant

The basic things like adding log sources are hopefully not a problem, but I think the way to get the most value from the SIEM is to make a list of use cases tweaked to your organisation and log sources to find the problems/incidents your C-level can understand. Then you will keep on getting the funding you need to get the issues you think are necessary to make the SIEM a valuable tool.

2016-04-13 08:45:30 UTC
Top 20, Real User

I've implemented AccelOps SIEM, which also does Server/Network Performance and Availability monitoring. Most of the work involved was with configuration of SNMPv2/v3 or WMI on endpoint devices if the SIEM is not agent-based. Also, a lot of configuration with fine tuning the rules/reports specific to your organization, as mentioned. Basic Linux knowledge is also recommended for AccelOps. I would also recommend purchasing Professional Services hours for implementation guidance and proper training of IT staff and end-users (if applicable) that will be accessing/using the SIEM.

2016-04-05 22:19:40 UTC
Vendor

Hello. If you need any assistance through sizing and deployment of IBM QRadar, you should contact a local sales partner in your area. A partner should be able to size your specific needs, no matter how little or big they are.

2015-03-26 16:44:52 UTC
User

Is it the same now for AlienVault? What level of Linux knowledge is needed?

2016-04-04 10:37:32 UTC
Vendor

I have implemented McAfee Nitro and IBM QRadar, where the latter was the easiest to implement. The majority of the work is fine tuning and creating rules that are specific for your organization. All vendors will tell you about built-in intelligence that offers nothing in the real world.

2015-01-16 13:55:04 UTC
Consultant

That's the problem with the SIEM solutions that have no built-in intelligence.

2014-05-15 14:51:56 UTC
Vendor

We implemented the AlienVault USM product, and one of the largest considerations to make is the Linux knowledge required to implement, configure and manage the solution. Depending on the current in-house skill set and architecture, this may or may not present as a consideration.

2014-05-08 21:44:31 UTC
Find out what your peers are saying about Splunk, LogRhythm, IBM and others in Security Information and Event Management (SIEM). Updated: May 2020.