RE: reporting tool
From: Matthew F. Caldwell (mattc@guarded.net)
Date: 10/29/01
- Previous message: Michael Coliton: "Re: Host based IDS methodology and testing"
- Maybe in reply to: uki: "reporting tool"
Subject: RE: reporting tool
Date: Mon, 29 Oct 2001 08:46:00 -0500
Message-ID: <5F90051829384341A2594688C59DB9E4017F5F@guardedn-oee6xi.guarded.net>
From: "Matthew F. Caldwell" <mattc@guarded.net>
To: "uki" <uki@sympatico.ca>, <focus-ids@securityfocus.com>
Ross,
My company has designed a tool for security analysts and management, by
security analysts. It does most of what you want, from your post. But it
also takes in vulnerability information from Nessus (and others) and
correlates that with your event stream data. The software also contains
a form of anomaly detection for threat analysis. We use open source
"pluggable" applications in our software, and you can add your own. The
only problem with true open source is that the databases that contain
the security data get very big, and big databases sometimes crash. You
want to be able to call up support, and you want to also prove the data
is truly valid (for chain of custody reasons, etc.). If you're going to use
the data for legal recourse, you need to have proof the data wasn't
altered. The interface is web-based and runs on Linux or
Solaris.
Matthew F. Caldwell, CISSP - Chief Research Officer - GuardedNet, Inc. -
mattc@guarded.net
-----Original Message-----
From: uki
Sent: Sun 10/28/2001 9:11 AM
To: focus-ids@securityfocus.com
Cc:
Subject: reporting tool
Hi All,
My company is looking for a tool which will collect logs from Cisco PIX, IDS,
routers, Unix syslogs, NT event logs, Apache, IIS, Snort and create different
reports and be able to help in drilling down into these reports.
Currently we are looking into the netForensics tool. Is it possible to find a similar
tool that runs on Linux and is Open Source (free)?
thanks,
Ross Zekic
Security Analyst
EDS - Canada
- application/ms-tnef attachment: winmail.dat