biuld a siem without Enterprise security app

Depressedadmin · ‎04-12-2021

Hi i'm going to build a minimal siem in our office and because of price can't get es app what I would like to know is what if i use security essential app with some third party like wazuh and make some correlation somehow,

could i detect threat and risks?

since i can't get answer any where else ,it would be great to help me 🙂

96nick · ‎04-12-2021

Agree with @radam2000, the Infosec App for Splunk is a good entry way into SIEMing without the money of ES.

I'm on the same journey you are, and it isn't the easiest. I would use the following resources to get started:

Infosec App for Splunk
Splunk Security Essentials
Data visualization apps for your logs (Windows Inf App, Unix App, FW app, etc.)

You mention using third party applications. You can definitely do that, just don't set up 20 tools that you need to look out for. It's fine not having the famous 'single pane of glass', but don't have too many tools going at once!

Depressedadmin · ‎04-12-2021

tnx you both for reply this is defiantly enlightening for me at this point

have you been heard about 'wazuh'? it mention itself as "Comprehensive SIEM "!

Depressedadmin · ‎04-12-2021

OR since my main goal is to make siem to analyze my pentest impacts or analyze attack simulations, is there other ways or even with similar applications?

tnx

radam2000 · ‎04-12-2021

why don't you try the free InfoSec App... its also a good starting point and provides some pretty good information...

https://splunkbase.splunk.com/app/4240/

Rich

biuld a siem without Enterprise security app

other

using Enterprise Security

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)