The more I read about SIEMs and "next-gen" SIEMs, the more I think a solid ELK stack will do me just fine. To be fair, I used to work for a SIEM vendor years ago, but I think a modern ELK stack with alerts for incidents I care about specifically may do me just fine.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.