
Choosing a SIEM

  • hosting
  • server
  • servers
  • infrastructure
  • siem

What is a SIEM?

Security information and event management (SIEM): a system that collects logs and security events from every host in a fleet into one place, normalizes and correlates them, and raises alerts so you can detect and respond to threats across the whole fleet rather than one box at a time.
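To make the definition concrete, here is an added example (written for this post, not code from ELK, Wazuh, Security Onion or UTMStack) of the two things every SIEM does: normalize raw log lines from several hosts into one event schema, then run a correlation rule across the fleet. The sshd-style log lines, the hostnames, the IP addresses and the rule thresholds are all constructed for the example.

```python
"""Minimal SIEM-style normalization and correlation over constructed logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: sshd-style auth lines from two hosts (not real logs).
# One source IP spreads its failures across web01 and web02 so that neither
# host alone sees enough to trip a per-host rule.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:03Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 50123 ssh2
2024-05-01T10:00:05Z web02 sshd[2210]: Failed password for admin from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:07Z web02 sshd[2210]: Failed password for admin from 203.0.113.7 port 50125 ssh2
2024-05-01T10:00:09Z web02 sshd[2211]: Accepted password for admin from 203.0.113.7 port 50126 ssh2
2024-05-01T10:15:00Z web01 sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-05-01T10:16:00Z web01 sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src_ip>\S+) port \d+"
)


def normalize(raw: str) -> list:
    """Parse raw lines into one flat event schema; unparsable lines are dropped."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
            "user": m["user"],
            "src_ip": m["src_ip"],
            "outcome": "failure" if m["outcome"] == "Failed" else "success",
        })
    return events


def brute_force_then_success(events, threshold=4, window=timedelta(minutes=5)):
    """Fleet-wide rule: at least `threshold` failures from one source IP, on any
    hosts, within `window`, followed by a success from that same IP.
    Returns one alert dict per offending source IP."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["src_ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            recent_failures = [
                f for f in evs[:i]
                if f["outcome"] == "failure" and e["ts"] - f["ts"] <= window
            ]
            if len(recent_failures) >= threshold:
                alerts.append({
                    "src_ip": ip,
                    "user": e["user"],
                    "host": e["host"],
                    "failures": len(recent_failures),
                    "hosts_targeted": sorted({f["host"] for f in recent_failures}),
                })
                break  # one alert per source IP is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in brute_force_then_success(normalize(SAMPLE_LOGS)):
        print(alert)
```

Run as-is it reports one alert for 203.0.113.7 (four failures spread over web01 and web02, then a successful login as admin on web02) and nothing for 198.51.100.4, whose single failure followed by a key-based login is normal behaviour. The point is the cross-host view: each host saw only two failures, so host-local tooling would have stayed quiet.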

Open Source Tools

The Elastic Stack (ELK) provides something of a SIEM through Elastic Security, with Fleet handling agent management on the monitored hosts. I tried it once, and at first it was great, but then it had a lot of issues with my Windows gaming PC and things went wonky due to slow disk performance.

Wazuh is on the surface. A cursory search of Reddit seems to show it's kind of based on ELK (though it can use other providers).

Security Onion seems to get mentioned a lot when looking at Wazuh, as Wazuh is supposed to come with Security Onion. I just figured out Security Onion is a full-on distro, probably Linux (maybe BSD?).

UTMStack: these guys are active on social media (Reddit at least) in posts that talk about Wazuh and SO, and it comes up often. On the surface it seems like a very nice solution. I like the idea of federated instances to relieve the stress of scaling a little bit.

Current Status

I'm leaning towards trying UTMStack, as it seems more complete out of the box than the other options.