Deepsight Analyzer Beta

From: Alfred Huger (alfred_huger@symantec.com)
Date: 09/05/02


To: focus-ids@securityfocus.com
From: "Alfred Huger" <alfred_huger@symantec.com>
Date: Thu, 5 Sep 2002 12:26:11 -0600


We are currently underway with the beta process for DeepSight Analyzer 4.0.
This new and final stage of our rollout will now allow you to upload
Firewall data alongside your IDS data and generate reports, correlate and
notify against these disparate data sets. I think this is a huge leap
forward in terms of value in the system. In any event, we have openings in
the beta process and I would like to solicit this group to see if anyone is
interested. The upside to being a beta participant is that there are
feature-sets which are not going to be made available to standard users
which will be available to people who take part in the beta program. The
requirements for taking part should you be interested are:

1. You *must* be a current and active DeepSight Analyzer user. This means
you must upload at least once a day.
2. You must have one of the following devices and be willing to send data
from it (as you already do with your IDS's) into Analyzer:

Cisco PIX - 4.2 - 5.1
NetScreen 500, 200, 100, 50, 25 and 5XP.
Cisco IOS - 11.X ? 12.X
Firewall-1 NG
ZoneAlarm 2.6.0

As well as one of the following IDS's actively and currently sending data
into DeepSight:

BlackIce 2.0 -3.x
Snort 1.6 - 1.9.x
RealSecure 3.1 - 5.5
RealSecure 6.0 - 6.5
NetProwler - 3.5.x
Cisco Secure IDS 2.5 - 3.0
Dragon 4.2

3. You must be willing to take about an hour to two hours of your time to
configure and deploy the new versions of DeepSight Extractor on your
systems.

Outside of this we would expect you're available to report bugs :>

If you meet the above requirements and are interested please let me know
and we will see to setting you up on the beta.

-al