Re: Networking IDS Correlation Question

From: Jose Carlos Faial (faial@rio-de-janeiro.sns.slb.com)
Date: 01/29/02


Date: Tue, 29 Jan 2002 15:13:08 -0200
To: "samargul" <samargul@nps.navy.mil>
From: faial@rio-de-janeiro.sns.slb.com (Jose Carlos Faial)

I think IPFC can help you. From IPFC homepage:

"IPFC is a software and framework to manage and monitor multiple types of
security modules across a global network. Security modules can be as
diverse as packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint
FW1...), NIDS (Snort, arpwatch...), webservers and other general devices
(from servers to embedded devices)."

It's free. http://www.conostix.com/ipfc/

rgds,

faial

At 12:54 PM 1/28/2002 -0800, you wrote:
>I have been asked by one of my clients to purchase a program which
>correlates Intrusion Detection System (IDS) data from network and host-based
>systems. My client's company is running ISS's RealSecure which is guarding
>its perimeter and high value targets and a proprietary third party IDS which
>is placed on many of its hosts. The software is searching for all sorts of
>attacks, both internal and external to the network. Does anyone know of any
>COTS software products which could aid in this problem? Most of the
>client's enterprise networking is Windows NT 4.0 based. I have been looking
>at ISS's SAFEsuite Decisions™ and Enterasys Networks' Vulnerability
>Correlation Tool.
>
>Looking for any opinions, suggestions, comments.
>
>Thanks-
>Scott Margulis
>MCSE/MCP+I