SOPHOS XG and SIEM

Hi,

I am trying to integrate my Sophos XGs with a free SIEM platform. Has anyone successfully managed to get through with this? I am currently trying with Splunk but I am having issues. I have also considered AlienVault OSSIM, Snort and Wazuh. Can anyone assist?



This thread was automatically locked due to age.
  • Hi

    Usually a free SIEM platform means a limit on the GB/day of logs it can receive, or the inability to enable the different log interpreters that the SIEM can manage.

    I would not want to disappoint you, but a free SIEM does not exist, unless you do it for study, where the above limits can be ignored.

    The use of a SIEM is to be able to aggregate multiple log sources (firewall, Windows, Linux, antivirus, Office 365, etc.) and, through knowledge of several "points of view" or "lists of dangerous IPs" and the combination/correlation of events, to seek to increase the security of the systems.

    Sometimes a SIEM is used to do research on what happened maybe months before...

    AlienVault is a good SIEM... but I recommend you take a look at SGBOX too.

    Ciao!
