Wednesday, July 16, 2014

Security Compliance Monitoring in a Virtual "Cloud" tied to Risk Management Framework

I've been wanting to do this for some time now: build a "security compliance monitoring solution in-a-box", a virtual box that is. My VMware lab server has about 8 virtual machines running all sorts of clients and servers of several OS types, and I thought it would be great to design and deploy an entire security solution based on the MONITOR aspect of regulatory compliance frameworks. I came up with the drawing below:

 
The challenge I've given myself is: can I do all of this with open source software, and can it be monitored and managed easily, automating as many functions as possible with custom scripting? Within 10 minutes I had four VMs fired up, simultaneously installing a network IDS/IPS server, a SIEM, a vulnerability scanner and an all-in-one firewall/router/proxy/web-content-filter appliance.
 
Next I'm looking into a DLP (host and network) solution. Then on to the exciting part: INTEGRATE THEM ALL! I'll be installing agents on the clients I already have in the virtual environment (Windows XP, 7, Ubuntu/Debian and Red Hat/Ubuntu).
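As an added illustration of what "integrating them all" under the MONITOR function can look like in custom scripting (this is example code written for this page, not anything from the lab described in the post), the script below joins two of the feeds the VMs above would produce: IDS alerts in a Snort-style "fast" alert format and a vulnerability scanner's CSV export. It correlates them per host, flags alerts that hit a port with an open finding, and ranks hosts for follow-up. All hosts, SIDs, findings and the scoring weights are constructed assumptions for the example, and the CSV column names are assumed rather than taken from any particular scanner.

```python
"""Correlate IDS alerts with vulnerability-scan findings per monitored host.

Everything below is constructed for illustration: the IDS lines mimic the
Snort fast-alert layout and the scanner output mimics a CSV export, but the
hosts, rule SIDs (local 1000000+ range), findings and weights are made up.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample IDS alerts (Snort-style fast log). 192.168.56.0/24 is the lab net.
IDS_FAST_LOG = """\
07/16-10:22:31.123456  [**] [1:1000001:1] LAB inbound scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.20:51234 -> 192.168.56.10:445
07/16-10:23:02.000112  [**] [1:1000002:1] LAB suspicious outbound beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.10:49801 -> 198.51.100.7:443
07/16-10:25:44.777000  [**] [1:1000001:1] LAB inbound scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.20:51240 -> 192.168.56.11:22
"""

# Constructed vulnerability scanner export; column names are an assumption.
VULN_CSV = """\
host,port,severity,finding
192.168.56.10,445,High,SMBv1 enabled
192.168.56.10,80,Medium,Outdated web server banner
192.168.56.11,22,Low,SSH protocol version 1 offered
192.168.56.12,3389,High,RDP without NLA
"""

# One fast-log line: timestamp, [gid:sid:rev], message, classification, priority, proto, src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Arbitrary weights for the example ranking; tune to the lab's own risk appetite.
SEVERITY_WEIGHT = {"Low": 1, "Medium": 2, "High": 3}


def parse_ids_alerts(text):
    """Parse fast-log lines into dicts; lines that do not match the layout are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:
            a = m.groupdict()
            a["prio"] = int(a["prio"])
            a["dport"] = int(a["dport"])
            alerts.append(a)
    return alerts


def parse_vuln_results(text):
    """Parse the scanner CSV into a list of finding dicts with an integer port."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def correlate(alerts, vulns):
    """Join both feeds by host. Only hosts present in the scan (our assets) are kept;
    an alert whose destination port carries an open finding is recorded as a match."""
    by_host = defaultdict(lambda: {"findings": [], "inbound_alerts": [],
                                   "outbound_alerts": [], "matched": []})
    for v in vulns:
        by_host[v["host"]]["findings"].append(v)
    for a in alerts:
        if a["dst"] in by_host:
            entry = by_host[a["dst"]]
            entry["inbound_alerts"].append(a)
            for v in entry["findings"]:
                if v["port"] == a["dport"]:
                    entry["matched"].append((a["sid"], v["finding"]))
        if a["src"] in by_host:
            # Outbound alerts from a scanned host suggest it may already be compromised.
            by_host[a["src"]]["outbound_alerts"].append(a)
    return dict(by_host)


def risk_score(summary):
    """Additive score: finding severity, a bump per alert, more for outbound, most for port matches."""
    score = sum(SEVERITY_WEIGHT[f["severity"]] for f in summary["findings"])
    score += 2 * len(summary["inbound_alerts"]) + 3 * len(summary["outbound_alerts"])
    score += 5 * len(summary["matched"])
    return score


def prioritized_hosts(correlated):
    """Hosts ordered by descending risk score, which is the follow-up list for the analyst."""
    return sorted(correlated, key=lambda h: risk_score(correlated[h]), reverse=True)


if __name__ == "__main__":
    corr = correlate(parse_ids_alerts(IDS_FAST_LOG), parse_vuln_results(VULN_CSV))
    for host in prioritized_hosts(corr):
        s = corr[host]
        print(f"{host}: score={risk_score(s)} findings={len(s['findings'])} "
              f"inbound={len(s['inbound_alerts'])} outbound={len(s['outbound_alerts'])} "
              f"matched={s['matched']}")
```

In a real lab the two constants would be replaced by a tail of the IDS alert file and the scanner's scheduled export, and the ranked output would be what gets forwarded to the SIEM or ticketing system as the daily MONITOR evidence.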