I run an in-house deployment using the Docker conf they supply. It requires a couple of hours per month and mainly a lot of disparate skills.
The real thing that takes time is the installation and configuration of the rules and agents. That’s something that you have to do for any SIEM really, irrespective of open source / paid: you have to understand your nominal feed and that takes time.
I run an in-house deployment using the Docker conf they supply. It requires a couple of hours per month and mainly a lot of disparate skills.
The real thing that takes time is the installation and configuration of the rules and agents. That’s something that you have to do for any SIEM really, irrespective of open source / paid: you have to understand your nominal feed and that takes time.