IDS mailing list archives

Re: NIDS and HIDS

From: Matthew Romanek <shandower () gmail com>
Date: Tue, 30 Nov 2004 07:35:27 -0800

On Mon, 29 Nov 2004 14:48:56 -0600, Youngquist, Jason R.
<jryoungquist () ccis edu> wrote:

I'd like to have an analysis program that would take data from the NIDS,
HIDS, syslog, and tripwire logs, put it all together, and be able to
give me some useful charts and graphical summaries so management can see
that their money was well spent in securing the organization's
infrastructure.


I like Itellitactics's NSM monitor aggregation software. It takes
reports from Manhunt, snort, tripwire, nessus, firewall events, etc.
When set up correctly, it can do spiffy little tricks like correlate a
firewall deny with a change alert from tripwire and flag a 'yellow'
alarm for our monitoring group while at the same time firing off a
nessus scan against the curiously-acting box. It's pretty nice. But
it's a pain to set up and not a minor thing to impliment.
-- 
Matthew 'Shandower' Romanek
IDS Analyst

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

Re: NIDS and HIDS Bastian Ballmann (Dec 01)
- <Possible follow-ups>
- Re: NIDS and HIDS Karel Chwistek (Dec 01)
  - Re: NIDS and HIDS Jason Haar (Dec 02)
    - Re: NIDS and HIDS Matthew Romanek (Dec 03)
  - open source ids list for implementation gaurav_jindal (Dec 07)
- Re: NIDS and HIDS Matthew Romanek (Dec 01)
- RE: NIDS and HIDS Timm, Kevin (Dec 02)
- RE: NIDS and HIDS Chris Petersen (Dec 02)
- Re: NIDS and HIDS KC (Dec 06)
  - Re: NIDS and HIDS Martin Mkrtchian (Dec 08)
- RE: NIDS and HIDS Maynor, David (ISS Atlanta) (Dec 09)