Basic SEM for Windows?
Hi,
I'm in need of a cheap (preferably free), low-management-overhead SIEM solution that can easily plug into a Windows environment. I don't really need it to be the full-fledged Splunk, but it needs to have these three things:
- Real-time log analysis
- Alerting
- Lightweight
It's not like I haven't done my due diligence. I'm fully aware of the FOSS and non-free open-source alternatives out there.
I've been in the very, very odd position where I've been the one chasing Splunk trying to get a quote for my small company (without luck).
The whole point is to make sure this goes as smoothly as possible, just for the fact that we're heavily understaffed and I myself am constantly doing other tasks aside from sysadmin. In all respects, I am a glorified helpdesk that shares some basic, rudimentary sysadmin tasks. This is on top of the fact that I've been put on a contract and have things to do there as well.
FOSS options would work under different circumstances if it weren't for the fact that leadership wants to make sure we're at very little risk of being left in the dark. In other words, there has to be some level of support offered by the vendor, where we aren't relying upon a community base. This is for rational reasons, as (for example) when I'm long gone, my replacement likely won't have a clue how to manage the shit I've done unless I've documented it to the extreme.
TL;DR:
I was going to consider Splunk Cloud as the name suggests it would be simple. However, also knowing it is Splunk, my guess is that it would be expensive.
What option do you recommend for a small company with around 10-15 servers on-premises?
P.S. - Found this neat little PowerShell script that scans for one thing that a SIEM would normally look at, but if there's anything kind of like this, that would also suffice. If I can just take some scripts and put them into Task Scheduler, my job is done. As long as something is scanning the logs and triggering emails, that's all that needs to happen.
Last edited by That Random Guy; 28 Mar 2020 at 12:50. Reason: lines
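The "script in Task Scheduler that scans a log and sends an email" approach described in the post, as an added example (this is not the script the poster found, nor anything from a vendor): it pulls failed-logon events (Security log, Event ID 4625) from the last interval, aggregates them per source IP so a password-spray from one host stands out, and emails a summary when any source crosses a threshold. The SMTP relay, sender/recipient addresses, threshold and interval are placeholder assumptions to be changed for the environment.

```powershell
# Watch-FailedLogons.ps1 -- added example, not the script referenced in the post.
# Scans the Security log for failed logons (4625) in the last $Minutes,
# groups them by source IP and e-mails an alert when a source exceeds $Threshold.
# Assumptions (placeholders): SMTP relay, addresses, threshold and interval.
param(
    [int]$Minutes = 15,
    [int]$Threshold = 10,
    [string]$SmtpServer = 'smtp.example.internal',   # assumed relay
    [string]$From = 'alerts@example.internal',       # assumed sender
    [string]$To = 'itadmin@example.internal'         # assumed recipient
)

$since = (Get-Date).AddMinutes(-$Minutes)

# A filter hashtable lets the event log service do the filtering; piping
# Get-EventLog through Where-Object is far slower on a busy Security log.
try {
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction Stop
} catch {
    # Get-WinEvent raises an error when nothing matches; treat that as "nothing to report".
    if ($_.Exception.Message -match 'No events were found') { $events = @() } else { throw }
}

# Read the named fields out of the event XML rather than trusting Properties[] positions,
# which differ between event IDs and are easy to get wrong.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = "$($d.TargetDomainName)\$($d.TargetUserName)"
        SourceIp  = $d.IpAddress
        LogonType = $d.LogonType
        Status    = $d.Status
    }
}

# One source IP failing against many accounts is the pattern worth paging on;
# a single user mistyping a password ten times is noise.
$offenders = $rows | Group-Object SourceIp | Where-Object { $_.Count -ge $Threshold } | ForEach-Object {
    [pscustomobject]@{
        SourceIp = $_.Name
        Failures = $_.Count
        Accounts = ($_.Group.Account | Sort-Object -Unique) -join ', '
    }
}

if ($offenders) {
    $body = "Failed logons on $env:COMPUTERNAME in the last $Minutes minutes (threshold $Threshold):`n`n" +
            ($offenders | Format-Table -AutoSize | Out-String)
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "[ALERT] $(@($offenders).Count) source(s) exceeded failed-logon threshold on $env:COMPUTERNAME" `
        -Body $body
}
```

To run it every 15 minutes as the SYSTEM account (the account needs to read the Security log, so a member of Event Log Readers or a local admin is required): `schtasks /create /sc minute /mo 15 /tn "Watch-FailedLogons" /tr "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\Watch-FailedLogons.ps1" /ru SYSTEM`. Two caveats a replacement admin will want documented: 4625 only appears if failure auditing for Logon is enabled in the audit policy, and `Send-MailMessage` talks plain SMTP to a relay you trust on the internal network, so it should not be pointed at an authenticated external mail service.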