January 19, 2021

SIEM Solution for MSP

Hi all,

I work as a Managed Security Services Officer and basically I'm working on creating a SIEM solution based on the Elastic Stack (Elasticsearch, Logstash, Kibana) running on a Kubernetes cluster on bare metal.

However, I was wondering where ELK ranks among SIEM solutions for security purposes (triggering alerts and responses based on the MITRE ATT&CK database) and monitoring? Are there better (open-source or not) alternatives that we can implement on an enterprise scale for free (or not)?

Comments

magistermundisum

Check out Wazuh. Elastic at the bottom, Wazuh as an app. Some rules and triggers are OOTB.
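As an added example (not part of the comment above and not shipped by the Wazuh project), a custom rule fragment for `/var/ossec/etc/rules/local_rules.xml` that turns repeated sshd authentication failures into an alert tagged with the ATT&CK technique it maps to, which is the kind of ATT&CK-based triggering the question asks about. Assumptions: Wazuh 4.x, the built-in rule ID 5716 ("sshd: authentication failed") unchanged in your version, and 100100 as a free ID in the custom range.

```xml
<!-- Added example: local_rules.xml fragment. Rule IDs from 100000 up are reserved
     for user rules; 5716 is assumed to be the stock "sshd: authentication failed" rule. -->
<group name="local,sshd,authentication_failures,">

  <!-- Fire when rule 5716 matches 6 times from the same source IP within 120 s,
       then stay quiet for 60 s so a noisy host does not flood the index. -->
  <rule id="100100" level="10" frequency="6" timeframe="120" ignore="60">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd: repeated authentication failures from one source (possible brute force)</description>
    <!-- Technique mapping: the alert document in Elasticsearch carries the
         rule.mitre.id / tactic / technique fields, so Kibana dashboards and
         response playbooks can pivot on the technique instead of the rule ID. -->
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>

</group>
```

After restarting the manager, replay a few failed-login syslog lines through `/var/ossec/bin/wazuh-logtest` to confirm the custom rule, not only 5716, is what fires.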
