Hey everyone! My infra team is currently searching for a new log aggregation system that can collect logs from various sources, such as Cisco network appliances, DNS and DHCP logs from domain controllers, unstructured application logs created by our developers, and some Windows event logs. I've previously used Splunk, but I find it a bit expensive. Ideally, I'd like to utilize AWS S3 for data storage and have a visualization and search layer above it. I'm really interested in hearing about anyone's experiences or recommendations for tools or approaches that could help. Thanks!
1 Answer
We've had great success with Rapid7; it’s been the most cost-effective SIEM for us. It offers solid pricing and is easy to maintain without constant oversight. In the past, I also used Wazuh—it was affordable but required more hands-on work for updates. AlienVault, however, was a nightmare for us; I wouldn't recommend it. On the pricier side, Sentinel is impressive but has inconsistent pricing that can be a turn-off for many.
Could you share how much you’re paying for Rapid7? Just curious if it’s affordable for a smaller team too.