IDS mailing list archives

Re: Correlation software

From: Rainer Duffner <rainer () ultra-secure de>
Date: Tue, 23 Mar 2004 23:57:38 +0100

sam () neuroflux com wrote:

Hello..  Thank you all for your responses to my Entercept email, they have
all been fantastic!


What I would be interested in knowing is:

For things like syslogs, firewall-logs etc. - they're not collected in acentral console anyway (normally, without the correlation SW).

So you have some sort of agent that sucks them in, I suppose.

But what about an IDS and it's console ?

E.g. how is (attack-)information (in this case probably about an eventthat occured) from a Dragon sensor transported to a correlation-"sensor"(or agent) ?I assume the dragon-server still receives it and thus it must be somehow"duplicated".




Anyone can shed light on this ? Or is this a silly question ?



Rainer



---------------------------------------------------------------------------

---------------------------------------------------------------------------

Current thread:

Correlation software sam (Mar 18)
- RE: Correlation software Mark Titley (Mar 19)
- Re: Correlation software Mike Lyman (Mar 22)
- RE: Correlation software Chris Petersen (Mar 23)
  - RE: Correlation software Tadeo Cwierz (Mar 25)
- Re: Correlation software Rainer Duffner (Mar 23)
- <Possible follow-ups>
- Re: Correlation software Johann_van_Duyn (Mar 19)
- RE: Correlation software Phil Hollows (Mar 19)
- RE: Correlation software Chris Kirschke (Mar 19)
  - Re: Correlation software Raffael Marty (Mar 22)
  - RE: Correlation software Alberto Gonzalez (Mar 22)
- RE: Correlation software Mariusz Burdach (Mar 22)
- RE: Correlation software Joe Luna (Mar 22)
  - RE: Correlation software AJ Butcher, Information Systems and Computing (Mar 25)
  - Re: Correlation software David Chapdelaine (Mar 25)
- RE: Correlation software DeGennaro, Gregory (Mar 23)

(Thread continues...)