Anton Chuvakin

537 comments posted · 4 followers · following 0

5 weeks ago @ Anton Chuvakin Blog - Log Management SIEM = ? · 0 replies · +1 points

>please assist

Please talk to the vendor :-)

8 weeks ago @ Anton Chuvakin Blog - UPDATED Free Log Manag... · 0 replies · +1 points

Scribe (and Flume) is something I wanted to test first before adding to the list, but now I am too busy to do that, sorry!

18 weeks ago @ Secure Cloud Review - SIEM M&A, MSSP and the... · 1 reply · +1 points

What's up with misspelling SIEM as "SEIM"?

21 weeks ago @ Anton Chuvakin Blog - Top 10 Criteria for a ... · 0 replies · +1 points

Thanks for the comment. Unfortunately, such a view of SIEM as "a meta-IDS" is extremely shortsighted. SIEM is neither a better IDS nor a meta-IDS.

RT alerting on known threats (via correlation, or simply filtering the "right" alerts from IDS, etc.) is definitely within its mission, but it is not its entire mission. Investigative use and other data exploration are successfully done with many SIEM tools (those with not-too-slow backends...)

On the other hand, I am TOTALLY with you on the stored data analysis (e.g. see this www.slideshare.net/anton_chuvakin/log-mining-beyo... where I applied data mining to SIEM data a few years ago); I really want to see more big-data/analytics approaches to SIEM ASAP.

22 weeks ago @ Anton Chuvakin Blog - Got A Pile of Logs fro... · 0 replies · +1 points

Well, a commercial SIEM will have hundreds of supported log types, but at a cost of $$

In Splunk you can just search with no "log support", but often I wanted a nice aggregated summary, thus the above comment.

22 weeks ago @ Anton Chuvakin Blog - Got A Pile of Logs fro... · 2 replies · +1 points

Indeed, Splunk would be my #1 choice for searching and I will do some exploration there as well, but having a need to summarize logs that Splunk might not support comes up pretty often in such circumstances... e.g. no N=V pairs, not nicely structured logs, etc.

23 weeks ago @ Anton Chuvakin Blog - The Last Blog Post! · 0 replies · +1 points

Thanks a lot! Regarding Stamford, I was there last week :-( No immediate plans to go back, but it might well happen.

23 weeks ago @ Anton Chuvakin Blog - The Last Blog Post! · 0 replies · +1 points

Well, not to worry: blogs.gartner.com/anton-chuvakin

26 weeks ago @ Anton Chuvakin Blog - The Last Blog Post! · 0 replies · +1 points

Thanks!!

26 weeks ago @ Anton Chuvakin Blog - PCI DSS in Cloud Compu... · 0 replies · +1 points

It might be offered again in the future, but I have no additional info at this stage.