Nowadays all major Linux distributions are using systemd-journald to handle locally generated system events, but you may still need a syslog agent if you want to forward them to a remote location – like a SIEM. Keep reading →
Sending events from our servers to a SIEM should be a pretty standard practice nowadays. However, in practice – it seems – still not clear what to send, and how to actually do this properly. Keep reading →
IBM QRadar Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise. Keep reading →
IBM is bringing free QRadar to a wider audience with Community Edition. Community Edition is a fully-featured version of QRadar that is low memory, low EPS, and includes perpetual license.
I’m already mentioned in my previous article about Traffic Analysis in Qubes OS, that the IDS system alerts and logs should be passed to a log management system where we can correlate them with other logs and alerts. That system can be called SIEM
However a real SIEM system makes sense in an enterprise environment only, because it is requires 7×24 monitoring, and it is also needs special knowledge and experience to analyze the results.