Splunk is one of the industry leaders in proprietary SIEM solutions. To really benefit from a SIEM you need to be sending as many different types of logs as possible to it for analysis. If money were no object, this would be a no-brainer, since you avoid the struggle of setting up all the moving parts that the open-source solutions require. That said, Splunk can be quite pricey: you are charged by the GB of data ingested per day, which can add up quickly depending on the size of your organization. If you have a small security team, the time spent troubleshooting an open-source solution may well be worth it, and if you end up purchasing support for one of the open-source solutions, you can potentially break even by going that route.


The sky is the limit with the ELK stack: you can visualize the data however you want, and in that respect it is very similar to Graylog. The issue with the ELK stack is that it has quite a learning curve. Kibana is the visualization application of the stack and lets you generate all sorts of charts from your data. If you are coming from the Windows world, the configuration files can take some getting used to, which can make getting the Logstash and Elasticsearch applications up and running correctly a little hard, but it can be quite rewarding, as there are very few limitations to what is possible with this setup.


If your goal is to get a SIEM solution up and running as fast as possible, it doesn't get easier than Graylog. It is free and easy to set up, and, like the ELK stack, there are very few limitations to what you can do with it. It is very similar to the previous option, since it also uses the open-source document store Elasticsearch. If you want to get really fancy with your charts, it is not as robust as Kibana, but Graylog's capabilities are more than enough. Graylog offers virtual machine images that can be spun up quickly, or you can set it up from scratch, which is quite easy as well; it just does not come with all the built-in commands. We will go into Graylog a bit more, since this site focuses on using these applications strictly as a SIEM solution and because this is my preferred option.