[32111] in resnet


Re: SIEM / Log monitoring options

daemon@ATHENA.MIT.EDU (Randy Kouns)
Thu May 25 11:41:21 2017

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="001a113c9d2683d3ba05505b0cb5"
Message-ID:  <CAJ0ztaJTjrSR-bSEeoefTgL9fJYOKReoseVxV111jL25wmysGg@mail.gmail.com>
Date:         Thu, 25 May 2017 11:41:05 -0400
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Randy Kouns <randykouns@GMAIL.COM>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <BLUPR05MB232171E6850BD7E697B4E14CDFF0@BLUPR05MB232.namprd05.prod.outlook.com>

--001a113c9d2683d3ba05505b0cb5
Content-Type: text/plain; charset="UTF-8"

Hello Matt,

Although I am no longer in Higher Ed I still follow the list just for these
types of posts.

I am now in city government and would be happy to share our experience with
anyone looking at AlienVault USM. We have it running behind our SonicWall
as a full IDS/IPS system. We find it fully configurable for log
monitoring/SIEM for all assets on the network (endpoints (which include
networked printers) as well as servers). New to the AlienVault (was here
when I started a year ago), I recently attended a week-long training
program that really helped in fine-tuning the appliance. Functionality
is impressive.

If you want more specific information, please feel free to drop me an email
directly.


Randy Kouns
Director of Information Technology
City of Richmond, IN
rkouns@richmondindiana.gov


On Thu, May 25, 2017 at 11:20 AM, MATT KARSCHNER <karschner@lycoming.edu>
wrote:

> Hi everyone,
>
>
> I'm curious what you all are using, if anything, for log monitoring / SIEM
> products or services.  We are looking into these at the moment:
>
>
> AlienVault
>
> Catchpoint
>
> EventTracker
>
> FortiSIEM
>
> LogRhythm
>
> Logic Monitor
>
> NetWatcher
>
>
> Thank you for any information.
>
>
> --
>
> Matt Karschner
>
> Network Specialist
>
> Lycoming College
>
> 700 College Place Box 142
>
> Williamsport, PA 17701
>
> 570.321.4397
>
> karschner@lycoming.edu <franquet@lycoming.edu>
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>


--001a113c9d2683d3ba05505b0cb5--
