
SIEM recommendations

We're a small company of ~150 staff, high availability services (both internal and external) with a hot site provisioned for full load balancing / fail over. We're looking to implement a new SIEM, mainly for the log management features. Does anyone have any recommendations for a decent SIEM or Log Management system for a Windows environment, around 70-100 devices (servers, firewalls, WAFs, etc.) that won't break the bank (no more than a few thousand) and is fairly easy to implement and manage? And any absolute clangers to stay away from?! Thanks in advance!

  • 0

    Hi Lizie,

    Hope you're well.

    I work in Sentinel Support Services, so I think the best thing is for someone in our Sales team to contact you. They should be able to provide you with all the information you need, and make sure all your business needs are met.

    In what country are you based exactly?

    Now just going over your requirements, i.e. Windows environment, around 70-100 devices (servers, firewalls, WAFs, etc.), Sentinel should be able to monitor that successfully.

    So while I wait for you, please check our documentation online.

    www.microfocus.com/.../Sentinel Enterprise

    The latest Sentinel version on the market is 8.5. Below are just some links that will help explain our product better:
    www.microfocus.com/.../

    www.microfocus.com/.../bookinfo.html

    www.microfocus.com/.../bt0qa0f.html

    www.microfocus.com/.../b11mnesn.html

    You can perform a traditional installation of Sentinel or install the appliance.
    - The traditional installation installs Sentinel on an existing operating system, by using the application installer.
    - The appliance installation installs both the SLES operating system and Sentinel.

    Also I suggest you go to market place:
    marketplace.microfocus.com/

    ...and go to Sentinel, view apps & add-ons. Then go to Sentinel tab.

    Sentinel® Plug-ins—Collectors, Connectors, Solution Packs (which may include multiple other types of Plug-ins), Actions, and Integrators—extend the functionality of the Sentinel platform and take advantage of much of its features and functionality. Use these modular components to integrate with third-party systems, install a complete control-based security solution, and provide automated remediation for detected incidents.

    Particularly of interest for you would be the collectors we use in Sentinel, to parse event data from event sources. For example we have firewall collectors for Palo Alto, Cisco, WatchGuard, etc.

    Also, Sentinel can receive from, and be integrated with, the ArcSight SmartConnector 8.2 version.
    The link below will bring you to the ArcSight page, and explains the install of the SmartConnector and what it supports:
    www.microfocus.com/.../

    www.microfocus.com/.../arcsight_connector_supported_products_flyer.pdf

    I hope the above info helps for now.

    Kind regards,

    Henk Tjalsma