
Hello,

I am looking for a SIEM with Veeam in a private cloud - without sending logs to a public cloud to analyze threats.

Something that could be isolated - logs cannot be sent to the internet/public cloud.

Maybe with some AI (as the main reason is to have the option to analyze logs for threats), which could update its signatures from the internet, is possible.

Any suggestions are welcome.

Thank you

Hi @Marcel.K -

If memory serves, the only one I’m aware of for a private cloud option is Fortinet. Not sure how ‘mature’ they are. We tried them out for a little bit for a POC but decided to go with Splunk. My Security Admin tested out a few (Elastic was our 3rd option...but, like Splunk, is Public Cloud-based).

Best.


Splunk is a great one which we use for this.  Also having the app for Veeam is great.


Yeah, but Splunk is Public Cloud I believe...not private?


Nope, we use it on premise, no cloud. 😉


Maybe https://wazuh.com/ is an option for you. I saw an article from Ian Engelbrecht about it with VBR integration. Still have it on my things to check/do list..

https://www.mritsurgeon.co.za/2024/01/orchestrating-cybersecurity-resilience.html

Best, Markus


YAY!...I learned something new today 😂 Thanks Chris! ha


Yeah, Wazuh is a pretty good one. Steep learning curve I found though, and not very intuitive.


I would recommend Splunk or Qradar. I remember that Qradar supports local threat-analysis and it integrates with Veeam. 


Hello coolsport00, Chris.Childerhose, teha, Dynamic,

Thank you very much for your answers.

I will try Splunk and Qradar and I will look at Wazuh, as they could be set up in an isolated environment and integration with Veeam is a good feature for them.

