topic Splunk vs Tripwire in Monitoring Splunk https://community.splunk.com/t5/Monitoring-Splunk/Splunk-vs-Tripwire/m-p/533938#M4708 <P>Hey, can someone help me?</P><P>i'm new to the IT and have absolutly no knowledge about those kind of stuff but i have to find out about the monitoring features of Tripwire and Splunk.</P><P>Can someone help me here and fill this Excel with y/n in the Splunk part and if possible add more feature that Splunk have but Tripewire not?</P><P>&nbsp;</P><TABLE width="350"><TBODY><TR><TD width="184">Features</TD><TD width="83">Tripwire</TD><TD width="83">Splunk</TD></TR><TR><TD width="184">Agent-based log collection</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Logs deliverd over encrypted connection with compression</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Resiliency when disconnected from management console</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Offline data collection when disconnected from console</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Extensive platform support</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Remote log collection</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Support for multi-line log file collection</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Preservation of original log content</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">High compression ratio for storage</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Ability to store logs centrally</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Ability to store logs locally</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Ability to encrypt stored log data</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Separation of logs by location</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Role-based access to log data</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Scheduled archiving of logs</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Search functionality available via REST API</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Indexed logs für fast searching</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Industry standard classification of events for fast searching</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Simultaneous, multiple results windows for comparing query output</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Scheduled reports</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">lain text and REGEX searches</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Visual custom rule builder</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Extensive fields available for correlation</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Pre-built correlation rules to detect events of interest or sequences of events</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Pre-built correlation rules for compliance requirements</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation with non-log data sources</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Integration with security configuration management tools like Tripwire Enterprise for asset tag data</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Dynamic correlation lists</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Integration with Active Directory for dynamic user lists</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can execute custom scripts as an action</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine can store events in an accessible database</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Log forwarding to multiple destinations</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Event forwarding from correlation rules</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Scheduled reporting tasks</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Pre-built and customizable dashboards</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can generate E-mails</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can generate syslog events</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can generate console notifications</TD><TD>yes</TD><TD>&nbsp;</TD></TR></TBODY></TABLE> Wed, 23 Dec 2020 11:12:57 GMT okonswn 2020-12-23T11:12:57Z Splunk vs Tripwire https://community.splunk.com/t5/Monitoring-Splunk/Splunk-vs-Tripwire/m-p/533938#M4708 <P>Hey, can someone help me?</P><P>i'm new to the IT and have absolutly no knowledge about those kind of stuff but i have to find out about the monitoring features of Tripwire and Splunk.</P><P>Can someone help me here and fill this Excel with y/n in the Splunk part and if possible add more feature that Splunk have but Tripewire not?</P><P>&nbsp;</P><TABLE width="350"><TBODY><TR><TD width="184">Features</TD><TD width="83">Tripwire</TD><TD width="83">Splunk</TD></TR><TR><TD width="184">Agent-based log collection</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Logs deliverd over encrypted connection with compression</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Resiliency when disconnected from management console</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Offline data collection when disconnected from console</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Extensive platform support</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Remote log collection</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Support for multi-line log file collection</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Preservation of original log content</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">High compression ratio for storage</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Ability to store logs centrally</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Ability to store logs locally</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Ability to encrypt stored log data</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Separation of logs by location</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Role-based access to log data</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Scheduled archiving of logs</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Search functionality available via REST API</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Indexed logs für fast searching</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Industry standard classification of events for fast searching</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Simultaneous, multiple results windows for comparing query output</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Scheduled reports</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">lain text and REGEX searches</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Visual custom rule builder</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Extensive fields available for correlation</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Pre-built correlation rules to detect events of interest or sequences of events</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Pre-built correlation rules for compliance requirements</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation with non-log data sources</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Integration with security configuration management tools like Tripwire Enterprise for asset tag data</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Dynamic correlation lists</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Integration with Active Directory for dynamic user lists</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can execute custom scripts as an action</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine can store events in an accessible database</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Log forwarding to multiple destinations</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Event forwarding from correlation rules</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Scheduled reporting tasks</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Pre-built and customizable dashboards</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can generate E-mails</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can generate syslog events</TD><TD>yes</TD><TD>&nbsp;</TD></TR><TR><TD width="184">Correlation Engine rules can generate console notifications</TD><TD>yes</TD><TD>&nbsp;</TD></TR></TBODY></TABLE> Wed, 23 Dec 2020 11:12:57 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-vs-Tripwire/m-p/533938#M4708 okonswn 2020-12-23T11:12:57Z