[32116] in resnet
Re: SIEM / Log monitoring options
daemon@ATHENA.MIT.EDU (John Schaeffer)
Fri May 26 09:25:28 2017
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="94eb2c0d9e18697df605506d407e"
Message-ID: <CAFe4CKt_S43_qV4TGwVp_K3rrDfOS1Cp0MCCSWTQMn+JAG8iwg@mail.gmail.com>
Date: Fri, 26 May 2017 09:24:05 -0400
Reply-To: jsch@conncoll.edu
From: John Schaeffer <jsch@conncoll.edu>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <DM5PR05MB2860F07FCA0D6871B2F4ABF0D7FC0@DM5PR05MB2860.namprd05.prod.outlook.com>
--94eb2c0d9e18697df605506d407e
Content-Type: text/plain; charset="UTF-8"
Here at Connecticut College we are using EIQ Networks. They collect and
monitor our logs and perform vulnerability scanning. I've been happy with
this service, because of the log review component. They have a ticketing
system that tracks issues and we meet with them bi-weekly to discuss
anything unusual.
On Fri, May 26, 2017 at 7:41 AM, Osborne, Bruce W (Network Operations) <
bosborne@liberty.edu> wrote:
> Our Network Operations group here has started using the free Graylog
> server.
>
>
>
>
>
> *Bruce Osborne*
>
> *Senior Network Engineer*
>
> *Network Operations - Wireless*
>
> *(434) 592-4229 <(434)%20592-4229>*
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* MATT KARSCHNER [mailto:karschner@LYCOMING.EDU]
> *Sent:* Thursday, May 25, 2017 11:20 AM
> *Subject:* SIEM / Log monitoring options
>
>
>
> Hi everyone,
>
>
>
> I'm curious what you all are using, if anything, for log monitoring / SIEM
> products or services. We are looking into these at the moment:
>
>
>
> AlienVault
>
> Catchpoint
>
> EventTracker
>
> FortiSIEM
>
> LogRhythm
>
> Logic Monitor
>
> NetWatcher
>
>
>
> Thank you for any information.
>
>
>
> --
>
> Matt Karschner
>
> Network Specialist
>
> Lycoming College
>
> 700 College Place Box 142
>
> Williamsport, PA 17701
>
> 570.321.4397
>
> karschner@lycoming.edu <franquet@lycoming.edu>
>
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>
--
John Schaeffer
Director of Networks, Systems and Security
jsch@conncoll.edu
(860)222-0859
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--94eb2c0d9e18697df605506d407e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Here at Connecticut College we are using EIQ Networks. The=
y collect and monitor our logs and perform vulnerability scanning.=C2=A0 I&=
#39;ve been happy with this service, because of the log review component. T=
hey have a ticketing system that tracks issues and we meet with them bi-wee=
kly to discuss anything unusual.=C2=A0</div><div class=3D"gmail_extra"><br>=
<div class=3D"gmail_quote">On Fri, May 26, 2017 at 7:41 AM, Osborne, Bruce =
W (Network Operations) <span dir=3D"ltr"><<a href=3D"mailto:bosborne@lib=
erty.edu" target=3D"_blank">bosborne@liberty.edu</a>></span> wrote:<br><=
blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px=
#ccc solid;padding-left:1ex">
<div lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"m_-6886403838247094681WordSection1">
<p class=3D"MsoNormal">Our Network Operations group here has started using =
the free Graylog server.<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal" style=3D"background:white">
<b><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-seri=
f;color:black">=C2=A0</span></b><b><span style=3D"font-size:10.0pt;font-fam=
ily:"Tahoma",sans-serif;color:black"><u></u><u></u></span></b></p=
>
<p class=3D"MsoNormal" style=3D"margin-right:.5in;background:white;text-aut=
ospace:none">
<b><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-seri=
f;color:#001b3e">Bruce Osborne</span></b><b><span style=3D"font-size:10.0pt=
;font-family:"Tahoma",sans-serif;color:black"><u></u><u></u></spa=
n></b></p>
<p class=3D"MsoNormal" style=3D"margin-right:.5in;background:white;text-aut=
ospace:none">
<b><i><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-s=
erif;color:#001b3e">Senior Network Engineer</span></i></b><b><span style=3D=
"font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><u=
></u><u></u></span></b></p>
<p class=3D"MsoNormal" style=3D"margin-right:.5in;background:white;text-aut=
ospace:none">
<b><span style=3D"font-size:8.5pt;font-family:"Verdana",sans-seri=
f;color:#001b3e">Network Operations - Wireless</span></b><b><span style=3D"=
font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><u>=
</u><u></u></span></b></p>
<p class=3D"MsoNormal" style=3D"background:white">
<b><span style=3D"font-size:8.5pt;font-family:"Tahoma",sans-serif=
;color:black">=C2=A0</span></b><b><span style=3D"font-size:8.5pt;font-famil=
y:"Verdana",sans-serif;color:black"><a href=3D"tel:(434)%20592-42=
29" value=3D"+14345924229" target=3D"_blank">(434) 592-4229</a></span></b><=
b><span style=3D"font-size:10.0pt;font-family:"Tahoma",sans-serif=
;color:black"><u></u><u></u></span></b></p>
<p class=3D"MsoNormal" style=3D"background:white">
<b><span style=3D"font-size:8.5pt;font-family:"Georgia",serif;col=
or:#aa0000">LIBERTY UNIVERSITY</span></b><b><span style=3D"font-size:10.0pt=
;font-family:"Tahoma",sans-serif;color:black"><u></u><u></u></spa=
n></b></p>
<p class=3D"MsoNormal" style=3D"background:white">
<b><i><span style=3D"font-size:8.5pt;font-family:"Georgia",serif;=
color:#aa0000">Training Champions for Christ since 1971</span></i></b><b><s=
pan style=3D"font-size:10.0pt;font-family:"Tahoma",sans-serif;col=
or:black"><u></u><u></u></span></b></p>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<div style=3D"border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b>From:</b> MATT KARSCHNER [mailto:<a href=3D"mailt=
o:karschner@LYCOMING.EDU" target=3D"_blank">karschner@LYCOMING.EDU</a><wbr>=
] <br>
<b>Sent:</b> Thursday, May 25, 2017 11:20 AM<span class=3D""><br>
<b>Subject:</b> SIEM / Log monitoring options<u></u><u></u></span></p>
</div>
</div><span class=3D"">
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div id=3D"m_-6886403838247094681divtagdefaultwrapper">
<p><span style=3D"font-size:12.0pt;color:black">Hi everyone,=C2=A0 <u></u><=
u></u></span></p>
<p><span style=3D"font-size:12.0pt;color:black"><u></u>=C2=A0<u></u></span>=
</p>
<p><span style=3D"font-size:12.0pt;color:black">I'm curious what you al=
l are using, if anything, for log monitoring / SIEM products or services.=
=C2=A0 We are looking into these at the moment:<u></u><u></u></span></p>
<p><span style=3D"font-size:12.0pt;color:black"><u></u>=C2=A0<u></u></span>=
</p>
<p><span style=3D"font-size:12.0pt;color:black">AlienVault<u></u><u></u></s=
pan></p>
<p><span style=3D"font-size:12.0pt;color:black">Catchpoint<u></u><u></u></s=
pan></p>
<p><span style=3D"font-size:12.0pt;color:black">EventTracker<u></u><u></u><=
/span></p>
<p><span style=3D"font-size:12.0pt;color:black">FortiSIEM<u></u><u></u></sp=
an></p>
<p><span style=3D"font-size:12.0pt;color:black">LogRhythm<u></u><u></u></sp=
an></p>
<p><span style=3D"font-size:12.0pt;color:black">Logic Monitor<u></u><u></u>=
</span></p>
<p><span style=3D"font-size:12.0pt;color:black">NetWatcher<u></u><u></u></s=
pan></p>
<p><span style=3D"font-size:12.0pt;color:black"><u></u>=C2=A0<u></u></span>=
</p>
<p><span style=3D"font-size:12.0pt;color:black">Thank you for any informati=
on.<u></u><u></u></span></p>
<p><span style=3D"font-size:12.0pt;color:black"><u></u>=C2=A0<u></u></span>=
</p>
<div id=3D"m_-6886403838247094681Signature">
<div id=3D"m_-6886403838247094681divtagdefaultwrapper">
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:black">--=C2=
=A0<u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none">
<span style=3D"color:#18376a">Matt Karschner</span><span style=3D"font-size=
:12.0pt;color:black"><u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none">
<span style=3D"color:#18376a">Network Specialist</span><span style=3D"font-=
size:12.0pt;color:black"><u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none">
<span style=3D"color:#18376a">Lycoming College</span><span style=3D"font-si=
ze:12.0pt;color:black"><u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none">
<span style=3D"color:#18376a">700 College Place Box 142</span><span style=
=3D"font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none">
<span style=3D"color:#18376a">Williamsport, PA 17701</span><span style=3D"f=
ont-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none">
<span style=3D"color:black"><a href=3D"tel:570.321.4397" target=3D"_blank">=
<span style=3D"color:#0000e9">570.321.4397</span></a></span><span style=3D"=
font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class=3D"MsoNormal" style=3D"text-autospace:none">
<span style=3D"color:black"><a href=3D"mailto:franquet@lycoming.edu" target=
=3D"_blank"><span style=3D"color:#0000e9">karschner@lycoming.edu</span></a>=
</span><span style=3D"font-size:12.0pt;color:black"><u></u><u></u></span></=
p>
</div>
</div>
</div>
<p class=3D"MsoNormal">______________________________<wbr>_________________=
____ You are subscribed to the ResNet-L mailing list.
<u></u><u></u></p>
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/<wbr>archives/resnet-l.html</a> ____________________=
__________<wbr>_____________________
<u></u><u></u></p>
</span></div>
</div><div class=3D"HOEnZb"><div class=3D"h5">
______________________________<wbr>_____________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_=
blank">http://LISTSERV.ND.EDU/<wbr>archives/resnet-l.html</a>
______________________________<wbr>_____________________
</p></div></div></blockquote></div><br><br clear=3D"all"><div><br></div>-- =
<br><div class=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div =
dir=3D"ltr"><div><div dir=3D"ltr"><div dir=3D"ltr"><div><pre style=3D"color=
:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap"><img src=3D"http://w=
ww.conncoll.edu/media/website-media/is/images/ETS-logo.png" width=3D"200" h=
eight=3D"70"></pre><pre style=3D"color:rgb(0,0,0);word-wrap:break-word;whit=
e-space:pre-wrap"><span style=3D"font-family:verdana,sans-serif;font-size:1=
2.8px;color:rgb(34,34,34)">John Schaeffer </span></pre><pre style=3D"color:=
rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap"><span style=3D"font-f=
amily:verdana,sans-serif;font-size:12.8px;color:rgb(34,34,34)">Director of =
Networks, Systems and Security</span></pre><pre style=3D"color:rgb(0,0,0);w=
ord-wrap:break-word;white-space:pre-wrap"><a href=3D"mailto:jsch@conncoll.e=
du" style=3D"font-family:verdana,sans-serif;font-size:12.8px" target=3D"_bl=
ank">jsch@conncoll.edu</a><span style=3D"font-family:verdana,sans-serif;fon=
t-size:12.8px;color:rgb(34,34,34)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0</span=
></pre></div><font face=3D"verdana, sans-serif">(860)222-0859 =C2=A0 =C2=A0=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0</font><br><div>=C2=A0</div></div></div></div></div></div>
</div>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--94eb2c0d9e18697df605506d407e--
