@Doug-Smith Good questions.
I am not sure, we want to do as much as we need to pass GDPR audits!
I will go back to the regulations and see if there is more detail.
Search for a product comparison in Server Monitoring
Network Security Services at ACE Managed Securty Services
Real User
Top 20
Nov 11, 2022
I would recommend the ACE-Managed SIEM tool. ACE-Managed SIEM is a comprehensive log management solution that incorporates major log management capabilities in a single platform. It's designed to make log management easier by helping organizations consolidate and correlate logs from standalone monitoring tools, SIEM, and other log source types. ACE-SIEM has the ability to collect, parse, and baseline computer logs across environments in real-time. Additionally, it brings centralized log management capabilities to all IT environments so that they can track security incidents, network events, and other important log entries. It offers an effective and cost-efficient way to collect and store log messages, as well as provide reliable and in-depth visibility into all log management and SIEM activities.
ACE-Managed SIEM has a lot of features that can help you to manage the event logs. It has the automatic alerting of critical logs and allows you to monitor the security events like the launch of a process, modification of Registry entry, etc. For example, if you want to monitor the system processes and alerts, you can define an alert filter. You can also monitor and create alerts for the security events like log modification, keylogging, and being logged off. It has an easy-to-use interface that allows you to configure the alerts for specific security events. You can also monitor the security events from remote systems.
@Annette Warren I very much agree with this opinion. SIEM and in fact all aspects of monitoring need care and feeding. This is something that is often forgotten by implementors. Irrespective of the tool or solution you choose, plan to have to look after it. Large enterprises frequently have an entire team of multiple people looking after the monitoring. Smaller organisations may have a couple of IT Admins whose role includes looking after these tools. The smallest organisations, simply won't have the time to do it. So please, even if the product is open-source, consider how you're going to maintain the tool itself.
Director Of Information Security at a tech services company with 501-1,000 employees
Real User
May 11, 2022
SolarWinds is a good choice. Some others to consider are Splunk, Graylog, IBM QRadar and SumoLogic. The last is interesting because it is relatively easy to configure and you can add other open source logging tools, like PacketBeats, which is a lightweight packet shipper.
As you scale up, it is easy to scale with you and is very versatile.
Product Manager at a tech company with 1,001-5,000 employees
Real User
May 5, 2022
Hi,
It depends on what you need to monitor, how much data is being generated and how many open-source capabilities and/or skill sets you have.
If you are looking at starting low, but have a good open source capability, then I can recommend a few solutions, that you can start for free, but can then scale to a very enterprise solution.
Consultant at a computer software company with 11-50 employees
Real User
May 4, 2022
SolarWinds SEM (Security Event Manager) is quickly implemented, easy to understand and will do the job regarding GDPR and other compliance regulations.
Getting events from Windows Servers is an easy task with the Agent.
If you have more time for the topic and are more into deep data analytics probably other solutions may be more satisfying.
Channel Manager at a tech services company with 11-50 employees
Reseller
May 5, 2022
@reviewer975090 I do agree! It´s a deep solution that is gonna give you a full report of what is going on in your network. If those servers are virtual, there are more options.
Security Information and Event Management (SIEM) tools offer comprehensive visibility and management of an organization’s security events through real-time analysis and correlation of data from multiple sources.
SIEM solutions provide a centralized platform for managing security alerts and logs from various sources such as network devices, servers, and applications. They help identify and mitigate potential threats by analyzing event data for unusual patterns and correlations. These tools...
That would also depend on how much the budget will support and how granular you want to get.
If you want a full solution that will be significantly more than a patched-together solution using open source tools and Windows native logging tools.
What specifically are your objectives? Do they want to scan events for PII, health data, simple website cookies and expirations?
This is a complex question and much more detail, in a general sense, is needed for proper context.
@Doug-Smith Good questions.
I am not sure, we want to do as much as we need to pass GDPR audits!
I will go back to the regulations and see if there is more detail.
I would recommend the ACE-Managed SIEM tool. ACE-Managed SIEM is a comprehensive log management solution that incorporates major log management capabilities in a single platform. It's designed to make log management easier by helping organizations consolidate and correlate logs from standalone monitoring tools, SIEM, and other log source types. ACE-SIEM has the ability to collect, parse, and baseline computer logs across environments in real-time. Additionally, it brings centralized log management capabilities to all IT environments so that they can track security incidents, network events, and other important log entries. It offers an effective and cost-efficient way to collect and store log messages, as well as provide reliable and in-depth visibility into all log management and SIEM activities.
ACE-Managed SIEM has a lot of features that can help you to manage the event logs. It has the automatic alerting of critical logs and allows you to monitor the security events like the launch of a process, modification of Registry entry, etc. For example, if you want to monitor the system processes and alerts, you can define an alert filter. You can also monitor and create alerts for the security events like log modification, keylogging, and being logged off. It has an easy-to-use interface that allows you to configure the alerts for specific security events. You can also monitor the security events from remote systems.
There are many good SEIM tools to choose from but they are only as good as the care and feeding.
If you want your tool to be effective you need an experienced team or managed service to bring critical events to your team!
@Annette Warren I very much agree with this opinion. SIEM and in fact all aspects of monitoring need care and feeding. This is something that is often forgotten by implementors. Irrespective of the tool or solution you choose, plan to have to look after it. Large enterprises frequently have an entire team of multiple people looking after the monitoring. Smaller organisations may have a couple of IT Admins whose role includes looking after these tools. The smallest organisations, simply won't have the time to do it. So please, even if the product is open-source, consider how you're going to maintain the tool itself.
SolarWinds is a good choice. Some others to consider are Splunk, Graylog, IBM QRadar and SumoLogic. The last is interesting because it is relatively easy to configure and you can add other open source logging tools, like PacketBeats, which is a lightweight packet shipper.
As you scale up, it is easy to scale with you and is very versatile.
I really only want a simple tool that will help us save time on monitoring event logs. It should point out anomalies -- that is all.
Hi,
It depends on what you need to monitor, how much data is being generated and how many open-source capabilities and/or skill sets you have.
If you are looking at starting low, but have a good open source capability, then I can recommend a few solutions, that you can start for free, but can then scale to a very enterprise solution.
SolarWinds SEM (Security Event Manager) is quickly implemented, easy to understand and will do the job regarding GDPR and other compliance regulations.
Getting events from Windows Servers is an easy task with the Agent.
If you have more time for the topic and are more into deep data analytics probably other solutions may be more satisfying.
@reviewer975090 I do agree! It´s a deep solution that is gonna give you a full report of what is going on in your network. If those servers are virtual, there are more options.