Educause Security Discussion mailing list archives
Re: SIEM questions.
From: "Perez, Roberto" <Roberto.Perez () LMU EDU>
Date: Thu, 13 May 2021 22:32:20 +0000
Jonathan,

At LMU we currently have Splunk ES, managed by a third party (expensive), and I’m currently moving us to a different MSSP (https://www.oculusit.com/security-operations-center/), and as part of their services they use Elastic as their SIEM (open-source). We will still keep Splunk for now until our current contract expires and then determine if it makes sense to move over completely or look at others like Rapid7’s InsightIDR, which I really like as well.

Feel free to reach out directly if you want to hear more details.

Roberto Perez, CISSP, CISM, CDPSE, Cybersecurity Audit Director, Information Security and Compliance
Information Technology Services <https://its.lmu.edu/>
Daum Hall
1 LMU Drive
Los Angeles, CA 90045-2659
www.lmu.edu
Office 310.258.5489
Email roberto.perez () lmu edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thursday, May 13, 2021 at 11:32 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] SIEM questions.
Reposting from the CIO group email for my CIO:

Happy Thursday,

Smaller institutions with pandemic-minded budgets, do you have a SIEM you’re using that is quality, provides insightful reporting and is either easy to manage OR managed externally? That you would recommend? (I’ll take warnings too!) We’re looking to make a change within the next 12-18 months and I could use honest feedback on solutions, experience, cost, dedicated headcount support.

Can email me directly:

Thanks much,
-Jonathan

~ Jonathan Kimmitt
CISSP, FIP, CDPSE, CIPP/E, CIPM, CIPT, OTCP, GLEG, GPEN, GSNA, PCIP, CEH
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- SIEM questions. Kimmitt, Jonathan (May 13)
- Re: SIEM questions. Rich Graves (May 13)
- Re: SIEM questions. Francisco Chavez (May 13)
- Re: SIEM questions. Nadim El-Khoury (May 13)
- Re: [External] Re: [SECURITY] SIEM questions. Kevin Wilcox (May 14)
- Re: [External] Re: [SECURITY] SIEM questions. Kimmitt, Jonathan (May 14)
- Re: [External] Re: [SECURITY] SIEM questions. Beth Albertson (May 14)
- Re: SIEM questions. Nadim El-Khoury (May 13)
- Re: SIEM questions. Kimmitt, Jonathan (May 13)
- <Possible follow-ups>
- Re: SIEM questions. Perez, Roberto (May 13)