
Speed up SIEM searches

avuseraccount
Every other product I have worked with properly indexes fields and allows for quick searching. Please work on this area. Searches are basically not worth it in the SIEM. We try to avoid it when we can (which kind of defeats the purpose of the SIEM to begin with).

Please consider altering the interface to something more like Splunk, ELSA, or ElasticSearch to allow for dynamic query building, selection of input data, and free-form input.
Comments

  • Hey, that would be very cool....
    Security Onion, Wazuh and so on are already on that pitch...
    Any news here?


  • Or Graylog, but just as a frontend... it uses MongoDB as well.


    I believe it's the better option because within Graylog you have role-based rights management out of the box;
    within ELK you have to buy ELK Shield...

    Let us be realistic... it looks a little bit more modern than the current version/function in AlienVault :)
    OpenEdge
  • The database queries have been a complaint for a while now; the HIDS datasource is essentially broken at this point due to how long it takes. I think it was announced that it would be updated in an update, but there is no ETA on a release date. Also, it appears as though AV is moving away from the appliance and moving towards the cloud platform.
    OpenEdge
  • I can confirm that the queries are not optimal.
    And hopefully they will not forget the paying customers who prefer the on-premise solution!

    @alienvault
    Any news here?
    OpenEdge
  • Just putting in the option for SIEM search to select Last X minutes or Last X hours would make a huge difference. Why does the smallest period of time have to be 1 day? This is a huge reason why I would consider moving to a different SIEM solution.
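Here is an added example, not code from the original post, the comments, or AlienVault, of the kind of search the post and the comment above ask for: a "last N minutes" window plus field filters, built as a parameterized query over an event table whose timestamp column is indexed. The `events` table, its column names, and the sample events are constructed for this illustration. It uses SQLite so it runs offline, and uses EXPLAIN QUERY PLAN to show the same query moving from a full table scan to an index range scan once the timestamp index exists. Because the post asks for free-form input, filter field names are checked against an allow-list so that user input can never reach the SQL text; only values are bound as parameters.

```python
"""Time-windowed, indexed SIEM search (added example, assumed schema)."""
import sqlite3

# Fields a user is allowed to filter on. Anything else is rejected, so
# free-form input can only ever become a bound value, never SQL text.
ALLOWED_FIELDS = {"src_ip", "event_type", "hostname"}


def build_query(window_seconds, filters, now):
    """Return (sql, params) for 'last window_seconds' plus equality filters.

    `now` is passed in (epoch seconds) so results are reproducible.
    """
    clauses = ["ts >= ?"]
    params = [now - window_seconds]
    for field, value in filters.items():
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"unknown filter field: {field!r}")
        clauses.append(f"{field} = ?")   # field name comes from the allow-list
        params.append(value)             # value is bound, not interpolated
    sql = (
        "SELECT ts, src_ip, event_type, hostname FROM events WHERE "
        + " AND ".join(clauses)
        + " ORDER BY ts DESC"
    )
    return sql, params


def make_db(now):
    """Create an in-memory event table with constructed sample data:
    one event per minute for the last 24 hours, every 7th one a HIDS alert."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (ts INTEGER, src_ip TEXT, event_type TEXT, hostname TEXT)"
    )
    rows = []
    for i in range(24 * 60):
        rows.append((
            now - i * 60,
            f"10.0.0.{i % 254 + 1}",
            "hids_alert" if i % 7 == 0 else "netflow",
            f"host{i % 5}",
        ))
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def uses_index(conn, sql, params):
    """True if SQLite's plan for this query uses an index rather than a scan."""
    plan = conn.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    # Last column of each plan row is the human-readable detail string.
    return any("USING INDEX" in row[-1] for row in plan)


def search(conn, window_seconds, filters, now):
    sql, params = build_query(window_seconds, filters, now)
    return conn.execute(sql, params).fetchall()


def demo():
    """Run the 'last 15 minutes of HIDS alerts' search before and after
    indexing ts. Returns (index_used_before, index_used_after, row_count)."""
    now = 1_700_000_000
    conn = make_db(now)
    sql, params = build_query(15 * 60, {"event_type": "hids_alert"}, now)
    before = uses_index(conn, sql, params)          # full table scan
    conn.execute("CREATE INDEX idx_events_ts ON events (ts)")
    after = uses_index(conn, sql, params)           # range scan on ts
    rows = search(conn, 15 * 60, {"event_type": "hids_alert"}, now)
    return before, after, len(rows)


if __name__ == "__main__":
    print(demo())
```

On a real SIEM backend the same two ideas apply: the time column (and any field used in WHERE) needs an index, and the UI should bind user-supplied values as parameters and restrict field names to a known list rather than splicing free-form text into the query.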