Post AMPUAV4cJQgVCH5QIK by cyberfarmer@fosstodon.org
Post #AMPUAV4cJQgVCH5QIK by cyberfarmer@fosstodon.org
2022-08-10T23:58:18Z
0 likes, 0 repeats
I've been futzing around with my Wazuh install tonight and frankly as a SIEM it just kinda feels incomplete. Now I'm a bit spoiled coming from Splunk Enterprise Security, of course. But lacking the ability to process alerts is kinda a killer for me. I need something where I can receive an alert, investigate, and either take action if needed or close it as a false positive if not. Maybe I'll give Elastic Security a shot this weekend, but lord knows installing an ELK stack is a pain in the ass.
Post #AMPUAVZoRRdcl1gKv2 by jrballesteros05@fosstodon.org
2022-08-11T06:34:47Z
0 likes, 0 repeats
@cyberfarmer I'm looking for an open source alternative to Splunk too. I have to admit that Splunk is fucking expensive, but it's worth every penny you spend on it. Wazuh isn't a SIEM; I see Wazuh as an HIDS on steroids, and they want to add SIEM capabilities. If you want it to become something like a SIEM, you probably need TheHive to manage alerts. I had to make the integration, and it's not Splunk, but it works pretty well. ELK SIEM is a bit more complete, but I don't like the Elastic license.