Networking IDS Correlation Question

From: samargul (samargul@nps.navy.mil)
Date: 01/28/02

Previous message: Aigars Grins: "Availability of libidxp"
Next in thread: John Kelly: "RE: Networking IDS Correlation Question"
Reply: John Kelly: "RE: Networking IDS Correlation Question"
Reply: Galappatti, Kishantha: "RE: Networking IDS Correlation Question"
Reply: Talisker: "Re: Networking IDS Correlation Question"
Reply: Jose Carlos Faial: "Re: Networking IDS Correlation Question"
Reply: Simon Edwards: "RE: Networking IDS Correlation Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "samargul" <samargul@nps.navy.mil>
To: <focus-ids@securityfocus.com>
Date: Mon, 28 Jan 2002 12:54:13 -0800

I have been asked by one of my clients to purchase a program which
correlates Intrusion Detection System (IDS) data from network and host based
systems. My clients company is running ISS's RealSecure which is guarding
its perimeter and high value targets and a proprietary third party IDS which
is placed on many of its hosts. The software is searching for all sorts of
attacks, both internal and external to the network. Does anyone know of any
COTS software products which could aide in this problem? Most of the
client's enterprise networking is Windows NT 4.0 based. I have been looking
at ISS's
SAFEsuite Decisions™ and Enterasys Networks' Vulnerability Correlation Tool.

Looking for any opinions, suggestions, comments.

Thanks-
Scott Margulis
MCSE/MCP+I

Previous message: Aigars Grins: "Availability of libidxp"
Next in thread: John Kelly: "RE: Networking IDS Correlation Question"
Reply: John Kelly: "RE: Networking IDS Correlation Question"
Reply: Galappatti, Kishantha: "RE: Networking IDS Correlation Question"
Reply: Talisker: "Re: Networking IDS Correlation Question"
Reply: Jose Carlos Faial: "Re: Networking IDS Correlation Question"
Reply: Simon Edwards: "RE: Networking IDS Correlation Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IDS is dead, etc
... > wouldn't call 'em an IDS, I think they're something different, much ... the host. ... Ensure Reliable Performance of Mission Critical Applications ... Precisely Define and Implement Network Security and Performance Policies ...
(Focus-IDS)
[fw-wiz] Corporate H/N IPS
... Two new categories will be Host and Network Intrusion Prevention Systems, ... IDS, they actively block traffic deemed as malicious, almost like a firewall ... previous names for a HIPS have included Network Node IDS ...
(Firewall-Wizards)
Re: 2 pc network - cant see host files from pc 2 on pc 1
... If the second card is lost on HOST PC then DSL Internet does not connect. ... Ditch the second network card in the one ...
(microsoft.public.windowsxp.security_admin)
Re: Emailing web form information to me
... Which version of Publisher are you using? ... both FTP uploading and FPSE uploading. ... use of FPSE and using the form program provided by your host? ... Instead you need to map a network ...
(microsoft.public.publisher.webdesign)
2wire router configuration
... firewall on this router and to configure my network ... Go to Home Network -> Advanced Settings ... X Default DHCP Pool ... Configure host to use DHCP with host name sent ...
(comp.unix.bsd.freebsd.misc)