Hello,

I'm currently in the market for a new SIEM and wanted to know what everyone recomends. I know that according to the SIEM it will be based on either Events Per Second (EPS) or Hosts. Right now I'm looking for a solid SIEM for a medium sized business. So far I've looked at (Q1 Labs, RSA, High Tower, Cisco, Trigeo, and ArcSight. I'm currently running one from eIQ networks that I'm looking to have replaced when the support contract is complete. Any suggestions or advice?

Scucci

I worked w/ Novell's Sentinel. It's a great tool, very fast interface and you can set commom commands you migth use during your workday, but it's very hard to get it up and running and also, you should have a specialized person to keep it running smooth.
Also, you have to learn a new rule syntax to get your things done. Yep. it is proprietary query language. This way you may loose something important if you are not very skilled in their querying language.
Another one you can use is IBM's TSOM. It's java, but it is fast. Cool Interface, easy to use, but it isn't very pratical. All rules you can create are based in closed statements, so you can't script your way out to get incidents.
You can set your prefered commands to be a right-click for from lyou, we are having some bug issues here, but afterall it's a good SIEM.

Rodrigo Salvalagio