After working extensively to review multiple possibilities and eventually deploy a production SIEM solution, I have come across many joys and pitfalls in this area of security. I would like to share some of my experience and (loosely based on our big corporate spend version) suggest a method for those just starting out in this field to build their own free (up to 500MB a day of indexed logs) SIEM solution utilising Splunk, some Linux tools and some clever search rules. Curious, bored or have an inkling that you should be thinking more about this? Read on here: http://pentestsouthwest.com/weblog/?p=7