4 Replies Latest reply on Jul 27, 2017 3:14 PM by rth67

    Enteprise Security manager


      Hi Experts,


      Need your advice as we are planning to implement SIEM solution in our environment.


      Does ESM has built in log management to monitor windows, applications, services and correlate logs ?


      Should we also buy ELM with ESM to manage logs ?


      Please advice what is best.




        • 1. Re: Enteprise Security manager

          Yes, the ESM will meet your requirements. If you get an all in one box (or virtual machine) the ELM will be included as a feature as well.

          Separately, the ELM, is used where compliance is needed because it stores all the raw data, as compared to the ESM which stores the parsed log in its database.

          • 2. Re: Enteprise Security manager

            Is there a combo box that does ETM, ERC, correlation and ELM functions?

            • 3. Re: Enteprise Security manager

              Hi Syed,


              There is a combo box that gives you ESM, ELM, ERC and basic correlation - there's also a virtual machine that has the same spec. But if you want to do any extended correlation you'd have to plug an ACE into it.

              • 4. Re: Enteprise Security manager

                If you ever want to see all of the logs that were aggregated together you have to have an ELM or an ELS (not yet for sale).

                When viewing the "Packet" data from an event that was aggregated or is an individual event, the ESM pulls the packet from the ERC, so the raw packet of the last packet aggregated is available as long as it resides on the ERC.

                That will depend on your ERC's volume, we have some smaller appliances that we have data back several years, and others that only hold about a month of data. Once the packet rolls off the ERC, you have to pull from the ELM (or ELS).