How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
There are around 150 pre-built use cases. One of the major use cases is when somebody tries to fiddle with logs, Elastic SIEM creates an alert because logs are the most critical things from the security aspect. For example, I have more than 1,000 terminals, which can be desktops, laptops, or any sort of servers. If somebody tries to delete Windows logs, Elastic SIEM immediately generates an alert indicating that somebody is trying to fiddle with the logs. Elastic SIEM sends me a pop-up message as well as an email.
We plan to use it to analyze the data that we're pumping into it from Active Directory and from firewalls, then we'll pass that information onto our own external SOC.
This is a log aggregation tool and we are using it for security purposes. There are 145 pre-built use cases, but we are still making some ourselves. One we built is an alarm for log deletion. For example, if a hacker tries to delete the log from a bank machine then it will raise an alarm immediately. A second use case is an alert for too many false login attempts, perhaps indicating a brute-force attack.
We want to track and to respond to our security incidents. That's the main reason we use it, to analyze and see like what all the incidents that are happening. We also deploy it for some of our clients.
Elastic SIEM is used to monitor and deal with system log files.
We use Elastic SIEM for security and analytics.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
I am the technical director of a science and technology division for the government.
Which SIEM solution would deliver the best ability to identify, protect, detect, respond and recover from a cyber attack?
Thanks! I appreciate your help.