I'm diving into my first security project on AWS, and I need to do some log analysis. I'm in search of a solid Security Information and Event Management (SIEM) solution that fits these criteria: it should work really well with AWS, be free of charge, and ideally, it would have some mapping or visualization features—like showing the geographical locations tied to IP addresses on a global scale. If anyone has some recommendations, I'd really appreciate it! I'm specifically working with logs captured on a Windows 10 EC2 instance, focusing on failed login attempts.
4 Answers
Wazuh is another excellent choice. It's open-source and works well with AWS. Plus, it has some great features for monitoring and security alerts. Definitely worth a look!
Have you tried Graylog? It's a solid option for log management and supports AWS environments. It's also free and has some capabilities for visualizing data, which might help with your analysis.
Sumo Logic is also a great option, though double-check if their free tier meets your needs. It integrates well with AWS and has some good features for log analysis. Worth looking into!
You might want to check out Splunk. They offer a free security app that’s pretty useful, though it has a limit of 500MB of indexed data per day. It could be a good fit for your project!