IDS mailing list archives
Re: Correlation software
From: Rainer Duffner <rainer () ultra-secure de>
Date: Tue, 23 Mar 2004 23:57:38 +0100
sam () neuroflux com wrote:
Hello.. Thank you all for your responses to my Entercept email, they have all been fantastic!
What I would be interested in knowing is: For things like syslogs, firewall-logs etc. - they're not collected in a central console anyway (normally, without the correlation SW).
So you have some sort of agent that sucks them in, I suppose. But what about an IDS and its console? E.g. how is (attack-)information (in this case probably about an event that occurred) from a Dragon sensor transported to a correlation-"sensor" (or agent)? I assume the dragon-server still receives it and thus it must be somehow "duplicated".
Anyone can shed light on this? Or is this a silly question?
Rainer