Here's the updated table with descriptions for both free and paid tools:
| Category | Free Tools | Description | Paid Tools | Description |
|----------|------------|-------------|------------|-------------|
| SIEM | ELK Stack (Elasticsearch, Logstash, Kibana) | ELK Stack is a collection of open-source tools for log management, including Elasticsearch (search and analytics engine), Logstash (data collection and processing), and Kibana (data visualization). It can be used to build a SIEM solution when integrated with Wazuh. | [Splunk Enterprise Security](#) <br> [LogRhythm](#) <br> [ArcSight](#) <br> [McAfee Enterprise Security Manager](#) <br> [SolarWinds Security Event Manager](#) <br> [LogPoint](#) | Splunk Enterprise Security is a SIEM solution offering advanced log management, correlation, and security incident response capabilities. LogRhythm is a SIEM platform providing log management, security analytics, and threat detection capabilities. ArcSight is an enterprise SIEM solution offering real-time threat detection and compliance reporting features. McAfee Enterprise Security Manager offers SIEM and log management capabilities for threat detection and compliance monitoring. SolarWinds Security Event Manager is a SIEM solution providing real-time threat detection and automated response features. LogPoint is a SIEM platform offering log management, threat hunting, and compliance reporting functionalities. |
| Threat Intelligence | MISP (Malware Information Sharing Platform) | MISP is an open-source threat intelligence platform for sharing, storing, and correlating Indicators of Compromise (IOCs) about targeted attacks, malware, and adversaries. | [ThreatConnect](#) <br> [Anomali ThreatStream](#) <br> [Recorded Future](#) <br> [Intel 471](#) | ThreatConnect is a threat intelligence platform offering threat data aggregation, analysis, and sharing capabilities. Anomali ThreatStream is a threat intelligence platform providing threat detection and response solutions. Recorded Future is a threat intelligence platform offering real-time threat intelligence and analysis services. Intel 471 is a cyber threat intelligence provider offering actionable threat intelligence and analysis solutions. |
| Endpoint Protection | OSSEC (integrated with Wazuh), Sysmon | OSSEC, integrated with Wazuh, provides host-based intrusion detection, file integrity monitoring, and rootkit detection. Sysmon is a Windows system service that monitors and logs system activity. | [Carbon Black](#) <br> [CrowdStrike Falcon](#) | Carbon Black offers endpoint protection solutions with advanced threat hunting and response capabilities. CrowdStrike Falcon is an endpoint security platform offering threat detection and response solutions. |
| Log Management | syslog-ng, rsyslog, Logstash, Fluentd | syslog-ng and rsyslog are open-source log collection utilities for UNIX-based systems. Logstash and Fluentd are open-source data processing pipelines. When combined with Wazuh, they can be used for log collection and forwarding to the SIEM. | [Splunk Enterprise](#) <br> [ArcSight Logger](#) <br> [LogRhythm](#) <br> [LogPoint](#) | Splunk Enterprise is a log management and SIEM solution offering advanced log analysis and visualization features. ArcSight Logger is a log management solution offering log collection, storage, and search capabilities. LogRhythm is a log management and SIEM platform providing real-time threat detection and response capabilities. LogPoint is a log management and SIEM solution offering log analysis, correlation, and compliance reporting functionalities. |