nicole pauls if you get a chance you should check out the service that the folks over at ThreatStream have put together. I just had a conversation with them today and what they have is pretty awesome. I did mention that we use LEM as our SIEM and therefore have no native ability to consume the data from their feed. They noted that since they are a newer company they are very agile at working with different SIEM solution providers to integrate with their technologies and he suggested that they may be reaching out to you as another SIEM to work to integrate with. They have already integrated with different SIEM solutions and consider themselves "SIEM agnostic" despite the fact they were born from ex-ArcSight employees. I just thought I should point this all out.
↧