...there is confusion about “what is a SIEM?” vs “what is a log manager?” It is entirely possible that your IT and security requirements call for log aggregation and rapid log search – and for nothing else (so you only need log management). It is just as possible that they call for a robust real-time monitoring based on correlation and analytics, lots of security dashboards, etc (so you need both SIEM and log management, as we say here, and also perhaps a UEBA).
REF: http://blogs.gartner.com/anton-chuvakin/2017/07/26/siem-or-log-management/
沒有留言:
張貼留言