Re: IDS/IPS system with Foundry sFlow

From: Martin Roesch <roesch@xxxxxxxxxxxxxx>
Date: Tue, 22 Apr 2008 14:18:37 -0400

When you say "with sFlow" do you mean analyze the sFlow records or analyze the packets on the wire and correlate it with the sFlow data?

--
Sent from my iPhone

On Apr 21, 2008, at 3:42 PM, "Security Group" <secgro@xxxxxxxxx> wrote:

Hello,

We have got a network with an embedded support for sFlow technology.
We also want to have a good IDS/IPS system. Does anyone know a good
setup with our foundry?

We noticed that Foundry got their own application called "IronView
Network Manager", it is able to operate with snort. Does anyone know
of this is a good solution? Or should we use an sFlow converter (e.g.
InMon sFlow toolkit) that can work with snort?

What are the other possibilities for IDS/IPS besides snort. It has to
operate with the sFlow technology.

Kind regards,

Babel Timo

--- ---------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
--- ---------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------

Follow-Ups:
- RE: IDS/IPS system with Foundry sFlow
  - From: Monk, Scott
- Re: IDS/IPS system with Foundry sFlow
  - From: Adam Powers
- RE: IDS/IPS system with Foundry sFlow
  - From: Adamo, Alfonso

References:
- IDS/IPS system with Foundry sFlow
  - From: Security Group

Prev by Date: IDS/IPS system with Foundry sFlow
Next by Date: RE: IDS/IPS system with Foundry sFlow
Previous by thread: IDS/IPS system with Foundry sFlow
Next by thread: RE: IDS/IPS system with Foundry sFlow
Index(es):
- Date
- Thread

Relevant Pages

Re: IDS/IPS system with Foundry sFlow
... Also Lancope has a StealWatch XE for sFlow. ... it is able to operate with snort. ... with real-world attacks from CORE IMPACT. ...
(Focus-IDS)
Re: IDS/IPS system with Foundry sFlow
... I have seen snort sFlow integrations done a few times times with varying ... with real-world attacks from CORE IMPACT. ...
(Focus-IDS)
RE: IDS/IPS system with Foundry sFlow
... would either need to be able to use Netflow (not supported on Foundry ... We prefer the Datacom singlestream taps for our Snort IDS ... Also Lancope has a StealWatch XE for sFlow. ... with real-world attacks from CORE IMPACT. ...
(Focus-IDS)
RE: IDS/IPS system with Foundry sFlow
... So I'd check Nokia because they've made some great ... We have got a network with an embedded support for sFlow technology. ... it is able to operate with snort. ...
(Focus-IDS)
RE: IDS/IPS system with Foundry sFlow
... the sFlow is sampled 1 of 32 packets and higher. ... remotely) can read and then send alerts back to the IronView console. ... it is able to operate with snort. ...
(Focus-IDS)