RE: Networking IDS Correlation Question

From: Galappatti, Kishantha (Kishantha.Galappatti@gs.com)
Date: 01/28/02


From: "Galappatti, Kishantha" <Kishantha.Galappatti@gs.com>
To: 'samargul' <samargul@nps.navy.mil>, focus-ids@securityfocus.com
Date: Mon, 28 Jan 2002 14:29:07 -0500

scott,

If your client is already using ISS RealSecure, SAFEsuite Decisions is the
way to go IMHO. If you're looking to correlate firewall logs also, Decisions
supports Checkpoint FW-1 but not any others AFAIK.

--kish

-----Original Message-----
From: samargul [mailto:samargul@nps.navy.mil]
Sent: Monday, January 28, 2002 3:54 PM
To: focus-ids@securityfocus.com
Subject: Networking IDS Correlation Question

I have been asked by one of my clients to purchase a program which
correlates Intrusion Detection System (IDS) data from network and host-based
systems. My client's company is running ISS's RealSecure which is guarding
its perimeter and high value targets and a proprietary third-party IDS which
is placed on many of its hosts. The software is searching for all sorts of
attacks, both internal and external to the network. Does anyone know of any
COTS software products which could aid in this problem? Most of the
client's enterprise networking is Windows NT 4.0 based. I have been looking
at ISS's SAFEsuite Decisions(tm) and Enterasys Networks' Vulnerability
Correlation Tool.

Looking for any opinions, suggestions, comments.

Thanks-
Scott Margulis
MCSE/MCP+I


