I am curious if anybody has done any work to integrate LEM as a component in a larger IDS/IPS system? If you have done something like this or have thought of doing something like this, I would love to hear about the design and how it worked. It seems that LEM (or any good SIEM) should work well in this role.