IDS mailing list archives
Re: NIDS and HIDS
From: Matthew Romanek <shandower () gmail com>
Date: Tue, 30 Nov 2004 07:35:27 -0800
On Mon, 29 Nov 2004 14:48:56 -0600, Youngquist, Jason R. <jryoungquist () ccis edu> wrote:
I'd like to have an analysis program that would take data from the NIDS, HIDS, syslog, and tripwire logs, put it all together, and be able to give me some useful charts and graphical summaries so management can see that their money was well spent in securing the organization's infrastructure.
I like Itellitactics's NSM monitor aggregation software. It takes reports from Manhunt, snort, tripwire, nessus, firewall events, etc. When set up correctly, it can do spiffy little tricks like correlate a firewall deny with a change alert from tripwire and flag a 'yellow' alarm for our monitoring group while at the same time firing off a nessus scan against the curiously-acting box. It's pretty nice. But it's a pain to set up and not a minor thing to impliment. -- Matthew 'Shandower' Romanek IDS Analyst -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: NIDS and HIDS Bastian Ballmann (Dec 01)
- <Possible follow-ups>
- Re: NIDS and HIDS Karel Chwistek (Dec 01)
- Re: NIDS and HIDS Jason Haar (Dec 02)
- Re: NIDS and HIDS Matthew Romanek (Dec 03)
- open source ids list for implementation gaurav_jindal (Dec 07)
- Re: NIDS and HIDS Jason Haar (Dec 02)
- Re: NIDS and HIDS Matthew Romanek (Dec 01)
- RE: NIDS and HIDS Timm, Kevin (Dec 02)
- RE: NIDS and HIDS Chris Petersen (Dec 02)
- Re: NIDS and HIDS KC (Dec 06)
- Re: NIDS and HIDS Martin Mkrtchian (Dec 08)
- RE: NIDS and HIDS Maynor, David (ISS Atlanta) (Dec 09)