https://securityonion.readthedocs.io/en/latest/about.html

Security Onion compared with OSSIM (also called AlienVault)

I use them both (AV and SO) in parallel, and while they are similar in many respects they both have different strengths. AlienVault centrally captures and logs a lot of different data from many different data sources: syslog from devices, Windows Event Logs, vulnerability scan results, Snort/Suricata, etc. This itself is not too different from SO, but AV then correlates and cross correlates……
