I know that the topic has a long history :) but what's current in 2017 Q4?
In our mixed Windows infrastructure (Win7-10, Win Server 2008-2016) we have to choose NXLog or OSSEC.
I am on the right track that OSSEC has more options, as it's a HIDS and it could forward all events, too?
NXLog is a "simple" event forwarder.
Are there any pros or cons against OSSEC, or is it better to choose NXLog?
Have you got the feeling/impression that AlienVault focuses more on NXLog than on OSSEC? E.g. the new plugin for Sysmon is just on NXLog..
BTW, let us be realistic that Sysmon is a very great tool, and I can't understand why just on NXLog?!??!? The rules/decoders for OSSEC are already on the market...
Or maybe both? Like SIEMonster uses it?
Thx guys for your help