10-13-2011, 12:26 PM | #2 | |
That Rascally wabbit!
Join Date: Aug 2009
|
Quote:
Your volume of information will give you a pretty good guideline of what you will need (NetFlow, Windows events, etc.). Splunk: it's free, to a point, but may be worth a look to give you some insight into your network. Also, how big is your team? Q1 Labs was just bought by IBM. Their product QRadar is good. NitroSecurity was just bought by McAfee. They had a very interesting, up-and-coming SIEM. ArcSight, owned by HP, is a monster and you need a dedicated team to run and manage it. HTH. TCG
|
Posts: 1,565
|
10-13-2011, 12:29 PM | #3 |
Got swag?
Join Date: Aug 2003
Location: Madison, MS
|
You could use Splunk to analyze all your log files for ya.. it's free.
|
Posts: 11,847
|
10-14-2011, 07:57 AM | #4 |
Starter
Join Date: Jan 2008
Location: Columbia MO
|
Cool, I will look into these.
The network size is around 120 machines at various locations through VPN.
Posts: 487
|
10-14-2011, 09:02 AM | #5 |
That Rascally wabbit!
Join Date: Aug 2009
|
|
Posts: 1,565
|
10-14-2011, 09:27 AM | #6 |
Starter
Join Date: Jan 2008
Location: Columbia MO
|
Event logs and somehow network activity, like what files are being accessed.
|
Posts: 487
|