big data
Abdulyar, 2014-04-28 11:23:57

Is it possible to build SIEMs from different manufacturers?

By itself, SIEM is not a final program, but consists of many components, such as a vulnerability scanner, collection and analysis of logs, correlation, etc.
Companies such as HP, RSA, IBM, Splunk, etc. offer their solutions. Open source alternatives are also possible. But all options have both their pros and cons, in addition, many solutions are designed for banks and businesses and enterprises.
My question is this: Is it possible to "assemble" a SIEM by taking some components from the above manufacturers and combining them all into one system? Are there examples of them supporting each other?
The scale of the audience for which I am looking for a solution is >10,000 hosts.
Thank you.


1 answer(s)
Vladimir Kamyshanov, 2014-05-07
@Abdulyar

Yes, it is possible. Moreover, in large companies it is difficult to avoid it. But be prepared that you will have to "finish" a lot with your own hands. Scripts, connectors, etc.
As my own example: HP + Symantec + IBM + McAfee. More components will be added.
There are partners among them, which simplifies integration (like Symantec and Microsoft), there are competitors, which still does not complicate it much. Although in any particular case, problems may well arise.
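
An added example, not part of the original answer: the kind of connector script the answer refers to, here normalizing events from two products into one schema before correlation. It assumes one source emits CEF and the other LEEF 1.0 (the thread names no formats); the vendor names, sample lines and output field names are constructed placeholders.

```python
import re

_PIPE = re.compile(r"(?<!\\)\|")          # header separator, ignoring escaped \|
_CEF_KEY = re.compile(r"(?:^|\s)(\w+)=")  # start of each CEF extension key

def _header(body, n):
    parts = _PIPE.split(body, maxsplit=n)
    if len(parts) != n + 1:
        raise ValueError("truncated header")
    return [p.replace("\\|", "|") for p in parts[:n]], parts[n]

def _sev(value):
    return int(value) if value and value.isdigit() else None

def parse_cef(body):
    # CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
    h, ext = _header(body, 7)
    keys, f = list(_CEF_KEY.finditer(ext)), {}
    for i, m in enumerate(keys):  # a value runs until the next key, so it may contain spaces
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        f[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return {"format": "CEF", "vendor": h[1], "product": h[2], "event_id": h[4],
            "name": h[5], "severity": _sev(h[6]), "src": f.get("src"),
            "dst": f.get("dst"), "user": f.get("suser")}

def parse_leef(body):
    # LEEF:1.0|Vendor|Product|Version|EventID|tab-separated key=value attributes
    h, ext = _header(body, 5)
    if not h[0].startswith("1."):
        raise ValueError("only LEEF 1.x is handled in this sketch")
    f = dict(kv.split("=", 1) for kv in ext.split("\t") if "=" in kv)
    return {"format": "LEEF", "vendor": h[1], "product": h[2], "event_id": h[4],
            "name": h[4], "severity": _sev(f.get("sev")), "src": f.get("src"),
            "dst": f.get("dst"), "user": f.get("usrName")}

def normalize(line):
    """Map one raw log line (with or without a syslog prefix) to the common schema."""
    for marker, parser in (("LEEF:", parse_leef), ("CEF:", parse_cef)):
        pos = line.find(marker)
        if pos != -1:
            return parser(line[pos + len(marker):].rstrip("\r\n"))
    raise ValueError("unrecognized log format")

# Constructed sample lines; vendor and product names are placeholders.
SAMPLES = [
    "<134>Apr 28 11:23:57 gw1 CEF:0|VendorA|EndpointX|1.0|4001|Login \\| failed|7|"
    "src=10.0.0.5 msg=bad password dst=10.0.0.9 suser=alice",
    "LEEF:1.0|VendorB|ProxyY|2.3|AUTH_FAIL|src=10.0.0.5\tdst=10.0.0.9\tusrName=alice\tsev=6",
]
```

Lines that match neither format raise `ValueError`, so a connector built this way can count and alert on unparsed input instead of silently dropping events.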
