Security Basics mailing list archives

RE: Searching for a product that aggregates logs and can generate alerts


From: "Spyro Malaspinas" <spyro.malaspinas () gmail com>
Date: Wed, 7 Dec 2005 01:15:10 -0700


If you have access to the Gartner Magic Quadrant reviews for 2005, some of
the names you will see in the leaders quadrant include:

Sentinel - eSecurity's product - top notch. I have heard nothing but
positive reviews.

Arcsight - though I have heard more bad than good reviews of their product
suite

GuardedNet - their first revision was a bit slow, but version 2.0 is
considerably faster and offers some great reporting and correlating
features.

Intellitactics - haven't seen this product in action

Open - I have had reasonably good experience with this product.  Their
engineering staff is very willing to help shape and mold additional
products/logging devices into the console where necessary.

-spyro malaspinas

-----Original Message-----
From: Rob Barrett [mailto:barrett.security () gmail com] 
Sent: Monday, December 05, 2005 12:30 PM
To: security-basics () securityfocus com
Subject: Re: Searching for a product that aggregates logs and can generate
alerts

We are in the middle of this eval. All the products we have considered
have their pluses and minuses.

Arcsight - everyone we spoke with said don't even consider it

Network Intelligence - very fast database, very small database, pull
reports fast, but is lacking in the Vulnerability assessment area,
correlating IDS data with VA scan data from different products, i.e.
ISS NIDS with Nessus data.

Esecurity - product looked very good and flexible but our rep was very
secretive about how to set up... well... most everything in the product.

NetForensics - this one deserves a serious look. Has too many
functions to list but is confusing as hell at first. Has very good VA
functionality, lots of canned reports. Each user has their own desktop
with 4 virtual desktops to set up your session.

As said before, all of them $100k+. I did not look at the open source
product mentioned. Hope this helps.

please share your experiences =)

