Ok, Splunk is king. This is fully granted. But, for many companies, there is a need for a quick and cheap combination of a WAF and a SIEM. Could this be a use case for an Apache reverse proxy + ModSecurity for the WAF part, and ELK for the SIEM part? Of course, all ModSecurity logs would be shipped securely to the ELK back-end, put on a separate network.
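As an added example (not part of the original post), here is a small Python parser for the SIEM side of that setup: it reads ModSecurity's serial JSON audit log, flattens each record into the kind of flat document Logstash or Elasticsearch ingest easily, counts rule hits per client, and tolerates malformed lines. The field layout (transaction / client_ip / request / messages / details.ruleId) follows the libmodsecurity v3 JSON audit format as recalled here and is an assumption to check against the version actually deployed; the sample records, client addresses and rule IDs are constructed.

```python
"""Flatten ModSecurity JSON audit-log records for ELK and summarise them.

Assumes SecAuditLogFormat JSON with one record per line (Serial type) and the
libmodsecurity v3 layout: a top-level "transaction" object holding "client_ip",
"unique_id", "request", "response" and a "messages" list whose entries carry
rule details under "details".  Key names are an assumption; adjust as needed.
"""
import json
from collections import Counter, defaultdict

# Constructed sample audit log (not real traffic), one JSON record per line,
# plus one deliberately broken line to exercise the error handling.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(rec) for rec in [
    {"transaction": {
        "client_ip": "203.0.113.10", "unique_id": "tx-0001",
        "time_stamp": "Tue Jan 02 10:00:01 2024",
        "request": {"method": "GET", "uri": "/search?q=...",
                    "headers": {"Host": "app.example.test"}},
        "response": {"http_code": 403},
        "messages": [{"message": "SQL Injection Attack Detected via libinjection",
                      "details": {"ruleId": "942100", "severity": "2"}}]}},
    {"transaction": {
        "client_ip": "203.0.113.10", "unique_id": "tx-0002",
        "time_stamp": "Tue Jan 02 10:00:03 2024",
        "request": {"method": "GET", "uri": "/search?q=...",
                    "headers": {"Host": "app.example.test"}},
        "response": {"http_code": 403},
        "messages": [{"message": "XSS Attack Detected via libinjection",
                      "details": {"ruleId": "941100", "severity": "2"}},
                     {"message": "Inbound Anomaly Score Exceeded (Total Score: 5)",
                      "details": {"ruleId": "949110", "severity": "2"}}]}},
    {"transaction": {
        "client_ip": "198.51.100.7", "unique_id": "tx-0003",
        "time_stamp": "Tue Jan 02 10:00:09 2024",
        "request": {"method": "POST", "uri": "/api/items",
                    "headers": {"Host": "app.example.test"}},
        "response": {"http_code": 200},
        "messages": []}},
]) + "\nthis line is not JSON\n"


def flatten_record(record):
    """Turn one nested audit record into a flat document ready for indexing."""
    tx = record.get("transaction", {})
    req = tx.get("request", {})
    resp = tx.get("response", {})
    messages = tx.get("messages", [])
    # ModSecurity severities run 0 (EMERGENCY) .. 7 (DEBUG): lower is worse.
    sevs = [int(m["details"]["severity"]) for m in messages
            if "severity" in m.get("details", {})]
    return {
        "timestamp": tx.get("time_stamp"),
        "unique_id": tx.get("unique_id"),
        "client_ip": tx.get("client_ip"),
        "method": req.get("method"),
        "uri": req.get("uri"),
        "host": req.get("headers", {}).get("Host"),
        "status": resp.get("http_code"),
        "rule_ids": [m.get("details", {}).get("ruleId") for m in messages],
        "messages": [m.get("message") for m in messages],
        "top_severity": min(sevs) if sevs else None,
    }


def parse_audit_log(text):
    """Parse serial JSON audit log text; returns (documents, skipped_line_count)."""
    docs, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt lines are counted, not silently lost
            continue
        docs.append(flatten_record(record))
    return docs, skipped


def rule_hits_per_client(docs):
    """Count rule triggers per client IP: {ip: Counter({rule_id: n})}."""
    hits = defaultdict(Counter)
    for doc in docs:
        for rule_id in doc["rule_ids"]:
            hits[doc["client_ip"]][rule_id] += 1
    return hits


def noisy_clients(docs, threshold=3):
    """Clients whose total rule triggers reach the threshold, most active first."""
    hits = rule_hits_per_client(docs)
    totals = {ip: sum(c.values()) for ip, c in hits.items()}
    return sorted((ip for ip, n in totals.items() if n >= threshold),
                  key=lambda ip: -totals[ip])


if __name__ == "__main__":
    documents, bad = parse_audit_log(SAMPLE_AUDIT_LOG)
    print(f"{len(documents)} records parsed, {bad} skipped")
    print("clients at or above threshold:", noisy_clients(documents))
```

Counting the skipped lines matters in practice: a shipper that quietly drops malformed records can hide exactly the events you set the pipeline up to see, so the skip count is something to alert on, not just log.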