RE: Centralized Logs for IDS
From: George Milliken (gmilliken@farm9.com) Date: 12/04/01
- Previous message: Ralph Logan: "RE: IDS recommendations"
- In reply to: Matthew F. Caldwell: "RE: Centralized Logs for IDS"
- Next in thread: Paul W. Stoecker, Ph.D.: "IDS on Switched Networks"
- Reply: Paul W. Stoecker, Ph.D.: "IDS on Switched Networks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "George Milliken" <gmilliken@farm9.com>
To: "'Matthew F. Caldwell'" <mattc@guarded.net>, 'Yune Sung 성윤기' <yune@kisa.or.kr>, "'Yoann Le Corvic'" <Yoann.LeCorvic@linkvest.com>, <focus-ids@securityfocus.com>
Date: Tue, 4 Dec 2001 08:47:46 -0800
Check out farm9.com Harvester. It's a cross-platform system based around
open source components such as OpenBSD and SNORT.
The company has case studies of successful/happy installs they can share
with you. Harvester works with any mix of vendors' IDSs, firewalls,
routers, etc.
Regards,
George Milliken, CEO
------------------------------------------------------
farm9 Managed Security Solutions
------------------------------------------------------
-----Original Message-----
From: Matthew F. Caldwell [mailto:mattc@guarded.net]
Sent: Monday, December 03, 2001 6:59 AM
To: Yune Sung 성윤기; Yoann Le Corvic; focus-ids@securityfocus.com
Subject: RE: Centralized Logs for IDS
Warning: Marketing Message
You should check out neuSECURE by GuardedNet (www.guarded.net). I am
obviously biased since I co-wrote it, but it will do just about everything
most security operations need:
centralized logging with real-time event view, real-time correlation and
threat analysis, plus it has a ton of security tools built in (nmap, whois,
etc.) for making the job of monitoring and analysis quicker and easier.
The architecture is very scalable and can handle massive event load. Some
large banks and MSPs have selected us as technology of choice after
reviewing everything else out there. For more info, you can contact me
off-list at mattc@guarded.net
Matt Caldwell, CISSP
Chief Security Officer
GuardedNet Inc.
404-442-9909
-----Original Message-----
From: Jamie French [mailto:J.French@whitehats.ca]
Sent: Sunday, December 02, 2001 6:47 PM
To: focus-ids@securityfocus.com; Ryan.Benisek@hq.doe.gov;
Yoann.LeCorvic@linkvest.com
Subject: RE: Centralized Logs for IDS
I would recommend checking out Intellitactics NSM at
http://www.itactics.com/.
I have experience with NetForensics and found it to be a little slow and
nowhere near as functional as NSM. Have fun on your hunt.
Regards,
Jamie French
www.whitehats.ca
*******************************************************
I have been researching Tivoli Risk Manager also. Any thoughts on this
product would be greatly appreciated.
Ryan Benisek
Systems Engineer
Verizon, Inc.
-----Original Message-----
From: Yoann Le Corvic [mailto:Yoann.LeCorvic@linkvest.com]
Sent: Friday, November 30, 2001 1:08 PM
To: focus-ids@securityfocus.com%internet
Subject: Centralized Logs for IDS
Hi All
I am studying different ways to centralize logs from different products
and platforms, to be able to correlate events to detect intrusions. This
is to be used with Solaris, Real Secure, FW-1, NT/2000
I have already a list of products I looked into, but not tested:
Tivoli Intrusion Manager
Netforensics
Infovista
Netsecurelog
Webtrends Firewall Reporting Center
Logsurfer
Does anyone have any good/bad experience with those products?
Any other solutions FREE/COMMERCIAL ?
*******************************************
Yoann Le Corvic
Security and IT Design Engineer
-----Original Message-----
From: Yune Sung 성윤기
Sent: Sun 12/2/2001 8:29 PM
To: Yoann Le Corvic; focus-ids@securityfocus.com
Cc:
Subject: Re: Centralized Logs for IDS
As reported in Information Security Magazine, an IDS called a Meta IDS is being
introduced into the IDS field, which is like what you are searching for.
A meta IDS can interpret different appliances' alerts. This is being worked on
at the IDWG,
which defines data formats and exchange procedures for sharing information
of interest to intrusion detection and response systems, and to management
systems which may need to interact with them.
Currently, the closest product is Intrusion Vision (IV) from
Motorola. It is said that it can support NFR 5.0, Shadow, Kane Security
Enterprise, Snort...
Please refer to "Information Security Magazine, August 2001".
regards,
Yune Sung,
SYG,
IDS Evaluation,
Korea Information Security Agency
------------------------------------------------
e-mail :
yune@kisa.or.kr
yune@netian.com
Fax : 82-2-405-5369
Tel : 82-2-405-5366
Cell : 82-11-706-7565
http://www.kisa.or.kr
------------------------------------------------
Even if a TOE security function cannot be bypassed, deactivated, or
corrupted, it may still be possible to defeat it because there is a
vulnerability in the concept of its underlying security mechanisms.
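The meta-IDS idea described in the thread (one common event format so alerts from different sensors can be correlated) as an added example, not code from any product mentioned here: it normalizes constructed firewall-style and Snort-style lines into a single schema and flags a source/destination pair reported by two different sensors within a time window. The log formats, field names and sample lines are simplified assumptions, not any vendor's real output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (assumed, simplified formats): a firewall deny,
# a Snort-style alert for the same flow, and an unrelated firewall accept.
SAMPLE_LOGS = [
    "2001-12-03 06:58:01 fw1 drop src=10.1.2.3 dst=192.168.5.10 service=445",
    "2001-12-03 06:58:40 snort [1:2003:1] SMB probe 10.1.2.3:4412 -> 192.168.5.10:445",
    "2001-12-03 07:05:00 fw1 accept src=10.9.9.9 dst=192.168.5.20 service=80",
]

# One parser per sensor format; each maps onto the same common event schema.
FW_RE = re.compile(r"^(\S+ \S+) fw1 (\w+) src=(\S+) dst=(\S+) service=(\d+)$")
SNORT_RE = re.compile(r"^(\S+ \S+) snort \[[\d:]+\] (.+?) (\S+?):\d+ -> (\S+?):(\d+)$")


def normalize(line):
    """Map one raw line to a common event dict; None if no parser recognises it."""
    m = FW_RE.match(line)
    if m:
        ts, action, src, dst, port = m.groups()
        return {"ts": datetime.fromisoformat(ts), "sensor": "fw1",
                "src": src, "dst": dst, "port": int(port), "event": action}
    m = SNORT_RE.match(line)
    if m:
        ts, sig, src, dst, port = m.groups()
        return {"ts": datetime.fromisoformat(ts), "sensor": "snort",
                "src": src, "dst": dst, "port": int(port), "event": sig}
    return None


def correlate(lines, window=timedelta(minutes=5)):
    """Return (src, dst, sensor_a, sensor_b) for flows seen by two different
    sensors within `window`; unparseable lines are skipped, not fatal."""
    events = [e for e in map(normalize, lines) if e]
    events.sort(key=lambda e: e["ts"])  # central store must order by time
    hits = []
    for i, a in enumerate(events):
        for b in events[i + 1:]:
            if b["ts"] - a["ts"] > window:
                break  # sorted, so nothing later can be inside the window
            same_flow = (a["src"], a["dst"]) == (b["src"], b["dst"])
            if a["sensor"] != b["sensor"] and same_flow:
                hits.append((a["src"], a["dst"], a["sensor"], b["sensor"]))
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOGS):
        print("correlated across sensors:", hit)
```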