Re: NIDS and HIDS
From: Matthew Romanek (shandower_at_gmail.com)
Date: 11/30/04
- Previous message: Bastian Ballmann: "Re: NIDS and HIDS"
- Maybe in reply to: Bastian Ballmann: "Re: NIDS and HIDS"
- Next in thread: Karel Chwistek: "Re: NIDS and HIDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Nov 2004 07:35:27 -0800
To: "Youngquist, Jason R." <jryoungquist@ccis.edu>
On Mon, 29 Nov 2004 14:48:56 -0600, Youngquist, Jason R.
<jryoungquist@ccis.edu> wrote:
> I'd like to have an analysis program that would take data from the NIDS,
> HIDS, syslog, and tripwire logs, put it all together, and be able to
> give me some useful charts and graphical summaries so management can see
> that their money was well spent in securing the organization's
> infrastructure.
I like Intellitactics's NSM monitor aggregation software. It takes
reports from Manhunt, snort, tripwire, nessus, firewall events, etc.
When set up correctly, it can do spiffy little tricks like correlate a
firewall deny with a change alert from tripwire and flag a 'yellow'
alarm for our monitoring group while at the same time firing off a
nessus scan against the curiously-acting box. It's pretty nice. But
it's a pain to set up and not a minor thing to implement.
--
Matthew 'Shandower' Romanek
IDS Analyst
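
Added example, not part of the original message and not code from the product it mentions: a minimal sketch of the correlation described above, pairing a firewall deny with a Tripwire change alert on the same host inside a time window and raising a 'yellow' alarm. The log format, the 15-minute window, and the `queue_vuln_scan` action label are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, already normalized: timestamp source host kind
EVENTS = """\
2004-11-30T07:01:12 firewall 10.0.0.5 deny
2004-11-30T07:03:40 tripwire 10.0.0.5 file_changed
2004-11-30T07:10:00 firewall 10.0.0.9 deny
2004-11-30T09:30:00 tripwire 10.0.0.7 file_changed
2004-11-30T11:00:00 tripwire 10.0.0.9 file_changed
"""
WINDOW = timedelta(minutes=15)  # assumed correlation window
RULE = {("firewall", "deny"), ("tripwire", "file_changed")}  # events that pair up


def parse(text):
    """Turn each non-empty line into an event dict, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, host, kind = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "host": host, "kind": kind})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=WINDOW):
    """Return one yellow alarm per host where a firewall deny and a tripwire
    change occur within `window` of each other, in either order."""
    recent = {}  # (host, source) -> time of the latest matching event
    alarms = {}  # host -> alarm record
    for e in events:
        if (e["source"], e["kind"]) not in RULE:
            continue
        other = "tripwire" if e["source"] == "firewall" else "firewall"
        seen = recent.get((e["host"], other))
        if seen is not None and e["ts"] - seen <= window and e["host"] not in alarms:
            alarms[e["host"]] = {"host": e["host"], "level": "yellow",
                                 "first": seen, "second": e["ts"],
                                 # placeholder label for the follow-up scan, not a real API
                                 "action": "queue_vuln_scan"}
        recent[(e["host"], e["source"])] = e["ts"]
    return list(alarms.values())


if __name__ == "__main__":
    for alarm in correlate(parse(EVENTS)):
        print(alarm)
```

Only 10.0.0.5 alarms in the sample: 10.0.0.9 has both event types but hours apart, and 10.0.0.7 has a file change with no firewall deny.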