Search for a product comparison in Business Activity Monitoring.
The users of PeerSpot evaluated event monitoring software to determine the most important aspects of a product. The consensus was that the tool must offer strong data collection with an intuitive filtering system, so as to provide enough, but not too much, information that can be drilled down into. Users were also concerned with the software's ability to customize displays per user requirements. Other key features included accuracy, a dynamic but simple user interface, and alerts.
Off the cuff, I would suggest Nagios.
Unfortunately, the OSE doesn't provide any support, though it does offer a limited support agreement. So, if you have a good Unix or Linux administrator who can supply the needed amount of time to configure everything, then it's free out of the box, minus the time they would spend (which is going to be significant initially). It does give you basic monitoring of system-level stuff: disks, processes and users.
Advanced configuration is time-consuming for whoever is tasked, and unfortunately, some false positives will be experienced initially. I set up the basics for a customer once.
If you have a little money, I'd suggest the Enterprise version of the product: thousands of plugins, and the console has functionality that the OSE doesn't include, which will make the life of whoever is responsible a little easier.
If you have a small enterprise, then that's a good, sensibly affordable solution.
There are a lot of other, more granular products that can be configured to stand up and dance if you hire experts to provide the care and feeding.
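The answer above mentions Nagios OSE's basic disk/process/user checks, its plugin ecosystem and the early false positives that threshold tuning is meant to cut. The following is an added example, not code from the poster or from the Nagios project: a minimal check written in POSIX sh that follows the Nagios plugin contract (exit code 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN; one status line on stdout with optional `|perfdata`). It parses a line of `df -P` output against warning/critical percentages; the `df` lines, the function names and the threshold values are all constructed for the example.

```shell
#!/bin/sh
# Added example of a Nagios-style plugin in POSIX sh (not part of the original
# post or of Nagios itself). Nagios runs the plugin and reads its exit code and
# first stdout line; the thresholds are what you tune to stop noisy alerts.

STATE_OK=0; STATE_WARNING=1; STATE_CRITICAL=2; STATE_UNKNOWN=3

# classify USED_PCT WARN_PCT CRIT_PCT
# Prints the status text and returns the Nagios exit code for that state.
classify() {
    used=$1; warn=$2; crit=$3
    case "$used" in
        ''|*[!0-9]*) echo "UNKNOWN - used percentage '$used' is not a number"
                     return $STATE_UNKNOWN ;;
    esac
    if [ "$used" -ge "$crit" ]; then
        echo "CRITICAL - $used% used (>= $crit%)"; return $STATE_CRITICAL
    elif [ "$used" -ge "$warn" ]; then
        echo "WARNING - $used% used (>= $warn%)"; return $STATE_WARNING
    fi
    echo "OK - $used% used"; return $STATE_OK
}

# check_disk_line "<one line of df -P output>" WARN_PCT CRIT_PCT
# df -P columns: Filesystem 1024-blocks Used Available Capacity Mounted-on.
# Emits "DISK <status> on <mount>|<mount>=<pct>%;<warn>;<crit>;0;100" so
# Nagios can graph the perfdata, and returns the state code.
check_disk_line() {
    line=$1; warn=$2; crit=$3
    set -- $line
    if [ $# -lt 6 ]; then
        echo "UNKNOWN - cannot parse df line: $line"; return $STATE_UNKNOWN
    fi
    mount=$6
    used_pct=${5%\%}          # strip the trailing % from the Capacity column
    rc=0
    msg=$(classify "$used_pct" "$warn" "$crit") || rc=$?
    echo "DISK $msg on $mount|$mount=$used_pct%;$warn;$crit;0;100"
    return $rc
}

# Constructed sample df -P lines (hypothetical, not captured from a real host).
SAMPLE_ROOT='/dev/sda1 41152812 37037531 4115281 90% /'
SAMPLE_DATA='/dev/sdb1 1048576 209715 838861 20% /data'

# Same filesystem, two threshold sets: 80/95 pages someone at 90% used,
# while 95/98 (a busier box where 90% is normal) stays OK.
check_disk_line "$SAMPLE_ROOT" 80 95; echo "exit=$?"
check_disk_line "$SAMPLE_ROOT" 95 98; echo "exit=$?"
check_disk_line "$SAMPLE_DATA" 80 95; echo "exit=$?"
```

To wire a script like this into Nagios you would add a `define command` whose `command_line` runs the script with the thresholds as `$ARG1$`/`$ARG2$`, and a `define service` that calls it per host; the packaged `check_disk` plugin does the same job with more options, so the point here is the contract, not a replacement for it.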
Can you be more specific? If you search this site for 'threat detection', you get lots of different technologies: MDR, XDR, UEBA, IDPS, etc.
I have used threat intelligence services, as well as UEBA and 'threat hunting' services with MDR, as well as traditional IPS/IDS and other layered services. Each one detects threats differently: by external intelligence, by network activity, by host activity.
@Stuart Berman thanks for your answer!
If we're talking about MDR and XDR solutions, which one would be a budget one?