2020-09-23T06:21:00Z

What is the difference between log management and SIEM?


How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?

Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?

Guest
55 Answers

author avatar
Top 10User

Rony, Daniel's answer is right on the money.  There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget.  A small operation may be best served by a managed service if it proves to be economical.  I do not have any recent data on these.  When I was investigating SIEMs there were big systems such as IBM, HP and McAfee then I found LogRhythm which has proved to be a great tool and more of what I needed right away.  We manage it ourselves, though they now have a cloud offering.  Also, if you have mostly Office365 and Azure IaaS logs to work with, you may find MS Azure Sentinel to be a good fit.  I hope this is of some use to you.

2020-09-23T14:26:06Z
author avatar
Community Manager

@Lindsay Mieth Thanks for your input!

2020-09-24T07:17:09Z
author avatar
Top 5LeaderboardReal User

Log Management is just that, it looks at logs from devices and attempts to make inferences about security issues from those logs. SIEM technology typically casts a wider net, looking at all types of security events. The best of breed will look at Network flows and events and logs, and other types of events that don't necessarily come from logging sources and provide an inference engine and rules management platform to allow you to detect anomalies from a wide variety of sources rather than just logs.

2020-09-23T13:51:18Z
author avatar
Community Manager

@Daniel Sichel Thanks, this is a very clear answer. If SIEM casts a wider net, is it then necessary to still have a log management tool? Do you have recommendations for products for SIEM/log management?

2020-09-24T07:13:10Z
author avatar
User

In short, Log Management refers to the collection, storage, and organizing of the event logs according to your specifics needs and operational processes. Opposite, the SIEM after data collection, is making the real exploitation of this data acquired from different sources, servers, applications, and OS. In the context of the traditional Intelligence cycle, is performing 3 of the 4 typical stages: Collection, Analysis/Processing, and Distribution to Decision-makers. Said that from the perspective of a former Intel guy is Intelligence vs raw data before even converted into the information.

2020-09-23T19:21:12Z
author avatar
Community Manager

@David Rivas Huete Thanks for weighing in! So with this in mind, does this mean that one should have both types of tools for the most effective event management? Do you have suggestions of tools to perform these functions?

2020-09-24T07:16:32Z
author avatar
User

@Rony_Sklar it depends on several factors, but in my opinion, products such as Splunk, SolarWinds, Netwrix or LOgRithm will cover all needs. For me the most complete is Splunk, LogRithm delivers great information and probably SolarWinds is the friendly dashboard and management, but it's just my personal opinion. Anyway, the first recommendation is the return to the basics and learn how to read and understand a simple log in Windows or Linux, I believe Microsoft provides some training and certification about.

2020-09-25T08:57:41Z
author avatar
Community Manager

@David Rivas Huete thanks  :)

2020-09-27T06:26:44Z
author avatar
User

Splunk would be the best solution to address several use cases.

2020-09-24T03:28:37Z
author avatar
Community Manager

@Esmat Salah El-Din Thanks for your input :)

2020-09-24T07:18:48Z
author avatar
User

Argent Software can help with the following products:-


Argent for Compliance - Compliance and Log monitoring.


 https://www.argent.com/product...


Argent SEIM (Expected release Q4 2020) – Single Security Management platform that provides full visibility to activity in your network. Argent SEIM collects, parses and categorizes data for correlation and threat detection so that you can act accordingly.



https://www.argent.com


2020-09-24T03:27:04Z
Find out what your peers are saying about Splunk, LogRhythm, IBM and others in Log Management. Updated: October 2020.
443,152 professionals have used our research since 2012.