In reading this Twitter thread (https://twitter.com/infosec_taylor/s...259588106?s=12) and now having access to a beefier lab, I'm again interested in finding a workable SIEM for a small team to operate. As I mention in this thread, I've tried LME (https://github.com/ukncsc/lme) and WEFFLES (https://aka.ms/weffles) (which seems to kind of be abandoned, as the links are broken) with clients, but still haven't found anything I can really get excited about.
Per that Twitter thread, some recommendations I've received are:
- ELK / ELK SIEM
- Splunk free
- Qradar free
- SOF-ELK