Hi community,
The GDPR compliance is demanding that we use automated event log monitoring on our 8-9 servers.
Which tool would you recommend using for this Windows environment? Why?
Thanks in advance for your help!
That would also depend on how much the budget will support and how granular you want to get.
If you want a full solution, that will be significantly more than a patched-together solution using open source tools and Windows native logging tools.
What specifically are your objectives? Do they want to scan events for PII, health data, simple website cookies and expirations?
This is a complex question and much more detail, in a general sense, is needed for proper context.
@Doug-Smith Good questions.
I am not sure; we want to do as much as we need to pass GDPR audits!
I will go back to the regulations and see if there is more detail.
SolarWinds is a good choice. Some others to consider are Splunk, Graylog, IBM QRadar and SumoLogic. The last is interesting because it is relatively easy to configure and you can add other open source logging tools, like Packetbeat, which is a lightweight packet shipper.
As you scale up, it is easy to scale with you and is very versatile.
I really only want a simple tool that will help us save time on monitoring event logs. It should point out anomalies -- that is all.
Hi,
It depends on what you need to monitor, how much data is being generated and how many open-source capabilities and/or skill sets you have.
If you are looking at starting low, but have a good open source capability, then I can recommend a few solutions that you can start for free but can then scale to a very enterprise solution.
SolarWinds SEM (Security Event Manager) is quickly implemented, easy to understand and will do the job regarding GDPR and other compliance regulations.
Getting events from Windows Servers is an easy task with the Agent.
If you have more time for the topic and are more into deep data analytics probably other solutions may be more satisfying.
@reviewer975090 I do agree! It's a deep solution that is gonna give you a full report of what is going on in your network. If those servers are virtual, there are more options.