Re: [security-elvandar] RE: Correlation tool

[Ian Macdonald <secids () dirk demon co uk>]

Great eye candy, but starts to crawl when the number of rows gets high. It
has some really slow queries

Ian

On Tue, 17 Jun 2003, Remko Lodder wrote:

> Quoting "Matthew F. Caldwell" <mattc () guarded net>:
>
> Did you try puresecure? It can be obtained at http://www.demarc.com
>
> It has a personal free version: "PureSecure Personal Edition for Unix and
> Windows
> PureSecure Personal Edition is provided free of charge to personal users as a
> means to secure their home networks"
>
> It uses MySQL [ which also can be downloaded for free ] and there you have a
> nice gui from which you can select events and select source / destination /
> sourceport / destinationport etc. This can help to correlate
>
> Perhaps i am wrong about this one :-) But it might be an idea,
>
> Goodluck!
>
>
> > Thomas,
> >
> >     You may want to take a look at the open source tool "Simple
> > Event Correlator".  http://kodu.neti.ee/~risto/sec/
> >
> > The website claims to aggregate and correlate Event Data from the Snort
> > IDS. The level of correlation is pretty simple from my understanding
> > however it is Open Source. So add mod add away!
> >
> > If you interested in something a bit more on the scalable/robust with
> > extensible open architecture. I would invite you to check out Guarded
> > Net's neuSecure product.
> >
> >
> > Matt
> >
> > Matthew F. Caldwell, CISSP
> > Founder and Chief Security Officer
> > GuardedNet, Inc.
> > www.guarded.net
> >
> >
> > -----Original Message-----
> > From: Thomas Seibel [mailto:Thomas.Seibel () controlware de]
> > Sent: Tuesday, June 17, 2003 10:00 AM
> > To: focus-ids () securityfocus com
> > Subject: Correlationtool
> >
> > Hello,
> >
> > does someone knows if there is an opensource tool which can correlate
> > IDS-Data from Snort?
> >
> > Regards,
> > Tom
> >
> >
> > ------------------------------------------------------------------------
> > -------
> > Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas,
> > the
> > world's premier technical IT security event! 10 tracks, 15 training
> > sessions,
> > 1,800 delegates from 30 nations including all of the top experts, from
> > CSO's to
> > "underground" security specialists.  See for yourself what the buzz is
> > about!
> > Early-bird registration ends July 3.  This event will sell out.
> > www.blackhat.com
> > ------------------------------------------------------------------------
> > -------
> -------------------------------------------------------------------------------
> > Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
> > world's premier technical IT security event! 10 tracks, 15 training sessions,
> > 1,800 delegates from 30 nations including all of the top experts, from CSO's
> > to
> > "underground" security specialists.  See for yourself what the buzz is about!
> > Early-bird registration ends July 3.  This event will sell out.
> > www.blackhat.com
> -------------------------------------------------------------------------------
> >
>
>
> --
>
> Met vriendelijke groet,
>
> Remko Lodder
> Webmaster Elvandar.org
> Webmaster Firewalladministrator.org
>
> Member of www.dshield.org Distributed Instrusion Detection
> Member of www.dsinet.org Dutch Security Information Network
>
> /*
> $(echo 'find / -perm -004000'|sed -n -e 's/([^-]*)(.*)/21/g' -e 's/([^,]
> *)e//g' -e 's/0//g' -e 's/4/r/g' -e 's/ind//p')
> */
>
> -------------------------------------------------
> http://www.elvandar.org Homepage Elvandar.org Security related
> http://www.grunn.org Homepage of grunn.org
> http://www.mostly-harmless.nl Wanna learn unix systems and about security? (dutch spoken)
> http://www.dsinet.org Dutch Security Information Network
> http://www.koekiemonster.com A site about dancing
> http://www.piare.org Homepage Piare.org
>
> -------------------------------------------------
> This mail is for the addressee only. If you are
> not that person please delete this mail right
> now. Also be notified that every mail sent will
> be scanned by our virusscanner.
>
> Deze mail is bedoeld voor de geaddresseerde.
> Als u niet deze persoon bent wordt u verzocht
> om het mailtje direct te verwijderen. Wees er
> ook van op de hoogte dat alle mailtjes gescanned
> worden door onze virusscanner
>
> ----The mailserver daemon.
> -------------------------------------------------


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------