Re: FW-1 and "monitoring client"
From: Phil Hollows (phil_at_open.com)
Date: 11 Jun 2004 06:47:47 -0700
It depends on the sophistication of analysis you want. Security
information management correlation applications, such as Open's
Security Threat Manager (www.open.com) will analyze your FW logs (and
IDS, IPS, AV, routers, servers etc) in real-time, correlate the data
to identify threats and compromises (typically leveraging
vulnerability scan information). You can use their own console,
forward to HPOV or NetCool (or any SNMP capable console). These
products will talk syslog (or for check point, OPSEC to the device or
provider / 1 ), ODBC / JDBC, etc. All depends on the systems you're
looking at and the complexity of your environment. You obviously get
thorough reporting as well as alerting.
Benefits include earlier detection of attacks (typically in the
reconnaissance phase), false positive reduction and as a result more
time to spend on proactive measuers such as patching and policy
Hope this helps
VP Security Products
OpenService, Inc (open)
firstname.lastname@example.org (Tom Aaqse) wrote in message news:<email@example.com>...
> We have some checkpoint firewalls that are sending their logs to a
> central console. We would like to have some kind of monitoring over
> the firewalls system based on "sampling" data each 5 or minutes, in a
> unattended fashion. Which would be the right direction to go?.