IDS mailing list archives
Re: Correlation software
From: Johann_van_Duyn () bat com
Date: Fri, 19 Mar 2004 09:25:05 +0200
Symantec's Incident Manager comes to mind; it is an event correlation and incident management tool that can take input from a variety of Symantec and 3rd-party sources like firewalls, N-IDS, H-IDS, Security Config Management software like ESM, and vulnerability assessment software like SVA.

It requires that you install SESA (Symantec Enterprise Security Architecture), which may or may not be something that you would consider doing. Definitely worth a look, though, and perhaps even a pilot. This type of software is definitely not the kind of stuff that you would like to buy on paper without extensive trials beforehand.

ISS SiteProtector also operates in this space, and should be worth a look.

Hope this helps...

--------------------------------------------------------
J o h a n n v a n D u y n, CISSP
IT Risk and Security Manager: British American Tobacco South Africa
Stellenbosch, South Africa
Tel. +27 (21) 8883765
Cel. +27 (82) 3248035
Fax. +27 (21) 8883587
eFax. +1 (509) 2785044
E:mail: johann_van_duyn () bat com
--------------------------------------------------------
"You can kill a man but you can't kill what he stands for. Not unless you first break his spirit. That's a beautiful thing to see."
-- Cancer Man, The X-Files

sam () neuroflux com
18-03-2004 18:07
To: focus-ids () securityfocus com
cc:
Subject: Correlation software

Hello..

Thank you all for your responses to my Entercept email, they have all been fantastic!

I am also looking to find out if there are any commercial Log Correlation packages available? I'm looking for something that can correlate Firewall + IDS + HIDS type of logs and create a logical flow of events..

Can anyone recommend, or point me in the right direction?

Thanks!
-Sam

---------------------------------------------------------------------------
Test your IDS
Is your IDS deployed correctly? Find out by easily testing it with real-world attacks from CORE IMPACT.
Visit: www.coresecurity.com/promos/sf_eids1 to learn more.