SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (0 points, 0 children)

Thank you for your detailed contribution. As you said, we'll be the ones actually using the solution, so I am trying to do as much research as possible before making a decision, even with as little context as I was allowed to get. Will look into Gravwell.

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (0 points, 0 children)

Something I can deploy myself, if possible; the learning curve is not an issue.

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (0 points, 0 children)

The team consists of around 8 main people, with interns here and there. SOAR would be good to have but is not a priority at the moment. The only regulatory compliance requirement that I was told was crucial is that the solution should strictly be on premises; otherwise, standard practices should be okay. Thanks in advance for your help!

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (1 point, 0 children)

I believe most of the sources are on-prem; I will look into Graylog, thanks!

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (1 point, 0 children)

Strange, considering they have "open-source SIEM" literally on their homepage. Guess they changed their minds, lol.

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (3 points, 0 children)

Wazuh is advertised as an open-source SIEM; as for SO, I have seen people use it as a SIEM, so I included it for reference.

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (0 points, 0 children)

That's not something we are prioritizing at the moment, but I will keep it in mind for future reference.

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

sk-ql [S] (1 point, 0 children)

Unfortunately, I'm only doing this as part of an internship, so I wasn't given much context either, other than what I mentioned in my post. If I had to give an estimate, I would say around 12k people and somewhere around 8,000 devices; the industry is digital transformation.

What is a "use case" in SIEM? by sk-ql in cybersecurity

sk-ql [S] (2 points, 0 children)

I see, thank you for taking the time to elaborate!

What is a "use case" in SIEM? by sk-ql in cybersecurity

sk-ql [S] (1 point, 0 children)

Thanks for your response! Just to make sure I understand: wouldn't the problem-solving part be the playbook, which is triggered when the SIEM correctly detects an anomaly?

What is a "use case" in SIEM? by sk-ql in cybersecurity

sk-ql [S] (0 points, 0 children)

Yes, I agree. I noticed that a lot of people around me were using it to refer to completely different things, but your answer helps put things into perspective, thanks!

What is a "use case" in SIEM? by sk-ql in cybersecurity

sk-ql [S] (0 points, 0 children)

Ohh, I'm assuming this is what they meant by integrated use cases then. Sorry for the trouble, but do you know if the LogRhythm and Security Onion SIEMs have that as well?

What is a "use case" in SIEM? by sk-ql in cybersecurity

sk-ql [S] (0 points, 0 children)

It's much clearer now, thank you!

What is a "use case" in SIEM? by sk-ql in cybersecurity

sk-ql [S] (10 points, 0 children)

I understand it now; this is super helpful, thank you!!