Educause Security Discussion mailing list archives
Re: Network flow log consolidation
From: Justin Dover <Dover () HARPETHHALL ORG>
Date: Tue, 25 Apr 2006 15:00:58 -0500
Cisco MARS is VERY nice. Especially if you have an entire Cisco infrastructure. I hope to have one someday. I have seen it in action. Justin Dover Harpeth Hall School 615-346-0082 The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Tuesday, April 25, 2006 at 2:43 PM -0600 wrote:
Commercially, ArcSight and Cisco have decent products... Requirements for hardware and software are higher... but might be worth checking out.... Arcsight is a software based solution and Cisco has the CS-MARS appliance. Cisco does well in basic log correlation and trends... Arcsight is much more advanced in correlation and incident analysis (getting down to the nitty gritty).... Both deal with Netflow...
Current thread:
- Network flow log consolidation Logan Browne (Apr 25)
- <Possible follow-ups>
- Re: Network flow log consolidation Wes Young (Apr 25)
- Re: Network flow log consolidation Justin Dover (Apr 25)
- Re: Network flow log consolidation Jenkins, Matthew (Apr 25)
- Re: Network flow log consolidation Justin Dover (Apr 25)
- Re: Network flow log consolidation Graham Toal (Apr 25)
- Re: Network flow log consolidation Jenkins, Matthew (Apr 25)
- Re: Network flow log consolidation Wes Young (Apr 25)
- Re: Network flow log consolidation John Rasmussen (Apr 25)
- Re: Network flow log consolidation Steve Bernard (Apr 25)
- Re: Network flow log consolidation Valdis Kletnieks (Apr 25)
- Network flow log consolidation Kim Cary (Apr 26)
- Re: Network flow log consolidation Ensz, Sean A. (Apr 27)
(Thread continues...)