The ELK stack is in active use in some areas, including for "cyber"
situational awareness. Big variations in the scale of data and in how many
viewers make use of the outputs (dashboards, reports). More likely
to be on the backend from most people's views.
Splunk provides some out-of-the-box elements that the other products
don't provide as easily. These can include integration with other
products using the product-native connector, or relaying to other
products such as SIEMs. Splunk has built-in enterprise capabilities
that help with alerting, dashboarding, selective access control, and
integration with SIEM and other products. Not necessarily cheap,
depending on your volume/velocity.
ELK and others are a more generic set of building blocks. Simple
"log aggregation" and limited scope reporting (internal team vs
end-users) can be done for the cost of infrastructure and
management. For shops with the willingness to "tinker" (write
integration code, manage infrastructure), you can do some really
interesting things that may not be as easy with Splunk. Think
connecting data in non-traditional ways. Groups already exploring
big data or cross-discipline data (not just security folks) will see
a lot of opportunities to explore.
O'Reilly just made a free report available that talks about the open
source world for "security data lakes", where ELK is one example:
http://radar.oreilly.com/2015/04/how-to-implement-a-security-data-lake.html
-----------------------------------------------------------------
email@hidden, CISSP, CGEIT
NASA GSFC Chief Information Security Officer
Information Technology and Communications Directorate
On 2015-04-28 16:27, Rowe, Walter wrote:
How do all of these compare to splunk?
--
Walter Rowe, Application Hosting
Infrastructure Services / OISM / NIST
US Department of Commerce
Email: email@hidden
Office: 301.975.2885
On Apr 28, 2015, at 3:54 PM, Valentine, Colin M. <email@hidden> wrote:
I suspect widely used based on secondary info
I've heard, but may not be that public. :-)
For an easy install, I use Graylog for monitoring non-work
related stuff that I run.
Open Source: https://www.graylog.org/
Commercial: https://www.graylog.com/
Colin
--
Colin Valentine
MITRE
cell: 339-223-6814
Office: 781-225-9213 DSN: 845-9213
On 4/28/15, 10:45, "Todd Heberlein" <email@hidden> wrote:
Is the government using
Logstash, Elasticsearch, Kibana, etc.? And in particular,
is anyone using it to store, search, & analyze cyber
related data? Also, any experience standing up the
components on a Mac, or does everyone use Linux?
I’m debating on investing the time to standup a system
using these pieces, but I don’t have a good feel as to how
widely they are used.
Thanks,
Todd
PS. I am at the AFCEA C4ISR Symposium in San Diego this
week if any Fed-Talkers are here.
_______________________________________________
Do not post admin requests to the list. They will be
ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden