Using Graylog as a SIEM

Currently we have a SIEM, and then we send the alerts through Graylog Sidecar to Graylog. We aren’t happy with the SIEM. I am interested if anybody uses Graylog as their SIEM. If so, how do you get pre-canned correlations like you would in a SIEM? Also, how does it stay updated? Also, I am having a hard time deciding between Wazuh as more of a HIDS or Filebeat. Wazuh can collect event logs and can also do other stuff. Filebeat/NXLog doesn’t seem to be a HIDS. What would the solution be for the client side? Set up Wazuh manager and then use Graylog Sidecar to grab the logs? I just see Graylog pushing themselves as a SIEM more and more. I would like to know how to get there, or how other users have gotten there.
