Re: IDS evaluation

From: Loki (loki@fatelabs.com)
Date: 08/22/02


From: "Loki" <loki@fatelabs.com>
To: <focus-ids@securityfocus.com>
Date: Thu, 22 Aug 2002 17:19:31 -0400

For you Snort admins out there who have been wanting to get out of the
web-based Snort monitoring environment, Applied Watch Technologies is
going to soon announce its release of the Vigilad Command Center, the
world's first true, OS-native Security Information Management (SIM)
system for the Snort IDS. It has distributions for Windows, Mac, Unix,
and Linux platforms. It is currently being evaluated by the Department
of Defense and will soon be offered for home/non-commercial users as
well. Our web site is located at http://www.appliedwatch.com.

Stefan, this might serve as an alternative to centralized monitoring of
your Snort IDS agents should you choose that route.

Regards,
Eric Hines

=====================================================
Eric Hines
CTO, President
Applied Watch Technologies
-----------------------------------------------------
[w] http://www.appliedwatch.com
[e] ehines@appliedwatch.com
[p] (412) 303-3115
-----------------------------------------------------
[a] Applied Watch Technologies
    149 Rossmor Court
    Pittsburgh, PA. 15229
=====================================================

-----Original Message-----
From: Stefan Dens [mailto:Stefan.dens@pandora.be]
Sent: Thursday, August 22, 2002 12:36 PM
To: focus-ids@securityfocus.com
Subject: Re: Re: IDS evaluation

Hi,

>I'm a Snort fan but deploying 12 of them with central management needs
>good expertise and multi-tool gluing skills.

I'm also a Snort fan, but deploying 12 sensors with central management
is easy. Take a look at SnortCenter (http://users.pandora.be/larc); it is
a complete management system to manage remote Snort sensors. Next week
there will be a new version available with a lot of new features. The
new version will also work on Linux, *BSD, Solaris & Windows.

And best of all, it's free under the GPL license.

Regards,
Stefan Dens

------------------------
 Saad Kadhi <bsdguy@docisland.org> wrote:
------------------------
On Wed, Aug 21, 2002 at 04:04:07PM -0400, Elijah Savage wrote:
>> I am coming to you experts for a little help. It has come time to
>> renew our maintenance contract with Cisco; we have the old NetRanger
>> product. Well, my company wants me to do a review of 3 products of my
>> choice to see what other products may provide us a better solution
>> than what we currently have. We have 12 IDS sensors currently. Can
>> you all recommend 3 products that will be worth my time to take a
>> look at?
>If central management/event correlation is what you need then my list
>would be:
>1. Enterasys Dragon
>2. Cisco Secure IDS
>3. ISS
>
>However, the new appliances from Cisco that promise better performance
>than Dragon (among other things) are still vaporware at this time.
>
>I'm a Snort fan but deploying 12 of them with central management needs
>good expertise and multi-tool gluing skills.
>
>--
>Saad Kadhi
>[pgp keyid: 35592A6D http://pgp.mit.edu]
>[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
># booth slave for hire


