nonane | 3 years ago

> A better way to handle it (imo) is to just enable VPC flow logging and pull the cloudwatch stream into your SIEM

Thank you. Any recommendations for SIEM for a small company?

Forbo | 3 years ago

I'd say just spin up a SecurityOnion stack. It's essentially a "SOC-in-a-box". I had a proof of concept machine spun up and generating alerts off of replayed PCAPs in a day.

spydum | 3 years ago

check out managed instances like azure sentinel