IDS mailing list archives

Re: Correlation software


From: Johann_van_Duyn () bat com
Date: Fri, 19 Mar 2004 09:25:05 +0200

Symantec's Incident Manager comes to mind; it is an event correlation and 
incident management tool that can take input from a variety of Symantec 
and 3rd-party sources like firewalls, N-IDS, H-IDS, Security Config 
Management software like ESM, and vulnerability assessment software like 
SVA. It requires that you install SESA (Symantec Enterprise Security 
Architecture), which may or may not be something that you would consider 
doing. Definitely worth a look, though, and perhaps even a pilot. This 
type of software is definitely not the kind of stuff that you would like 
to buy on paper without extensive trials beforehand.

ISS SiteProtector also operates in this space, and should be worth a look.

Hope this helps...

--------------------------------------------------------
J o h a n n   v a n   D u y n, CISSP
IT Risk and Security Manager: British American Tobacco South Africa
Stellenbosch, South Africa
Tel.  +27 (21) 8883765
Cel.  +27 (82) 3248035
Fax.  +27 (21) 8883587
eFax. +1 (509) 2785044
E:mail: johann_van_duyn () bat com
--------------------------------------------------------
"You can kill a man but you can't kill what he stands for. 
 Not unless you first break his spirit. 
 That's a beautiful thing to see."
 
                                        -- Cancer Man, The X-Files





sam () neuroflux com
18-03-2004 18:07

 
        To:     focus-ids () securityfocus com
        cc: 
        Subject:        Correlation software


Hello..  Thank you all for your responses to my Entercept email, they have
all been fantastic!

I am also looking to find out if there are any commercial Log Correlation
packages available?  I'm looking for something that can correlate Firewall
+ IDS + HIDS type of logs and create a logical flow of events..

Can anyone recommend, or point me in the right direction?

Thanks!
-Sam


---------------------------------------------------------------------------
Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit: 
www.coresecurity.com/promos/sf_eids1 to learn more.
---------------------------------------------------------------------------





