IDS mailing list archives
Re: ISS Siteprotector as syslog server?
From: David Maynor <dmaynor () gmail com>
Date: Mon, 22 Nov 2004 17:33:19 -0500
http://www.iss.net/products_services/enterprise_protection/rssite_protector/tpm.php When did Cisco and Checkpoint become ISS branded products? I missed that press announcement. On Mon, 22 Nov 2004 14:19:20 -0600, Eric Hines <eric.hines () appliedwatch com> wrote:
Rob is correct. ISS has on numerous occasions got their foot in the door at previous organizations I worked at on RFP's where we were looking for a SIM solution. After they got their foot in, they admitted to only being a SIM for ISS branded products. Its really disgusting how some vendors out there are abusing that term. Security Information Management (SIM), Security Event Management (SEM) is defined as aggregating and correlating information from DIFFERENT vendors and solutions. ISS Site Protector is simply a tool that ISS created to manage and tie together all their own products -- which is something I'd expect ANY vendor to be able to do. Site Protector is similar to Cisco's VMS, which ties together all their Cisco security products, etc. So in summary, no, ISS Site Protector does not have the capability to import in data from other solutions. You will want to look at other solutions to do this. If this is simply for completing your evaluations, unfortunately, the only free solution I am aware of is OSSIM -- however, I've not personally looked at it. Hope this helps. Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, Inc. Direct: (877) 262-7593 x327 http://www.appliedwatch.com "Open Source Security Management" -----Original Message----- From: Rob Shein [mailto:shoten () starpower net] Sent: Sunday, November 21, 2004 4:47 PM To: 'Bowes, Ronald (EST)'; focus-ids () securityfocus com Subject: RE: ISS Siteprotector as syslog server? In my experience with SiteProtector, it doesn't seem to have had any facility for even managing the data. It's not a vendor-agnostic, glue-everything-together kind of SIM; it's designed to provide central management for multiple ISS products and allow you to correlate data that comes from them.-----Original Message----- From: Bowes, Ronald (EST) [mailto:RBowes () gov mb ca] Sent: Thursday, November 18, 2004 10:09 AM To: 'focus-ids () securityfocus com' Subject: ISS Siteprotector as syslog server? We're trying to get several different systems (ips and ids) to work together, as we're evaluating ips products made by various vendors. The ips appliances we're using can export their data to a syslog server, and it would be nice if we could import the syslog data into ISS SiteProtector. Has anybody tried to do that before? Thanks, Ron Bowes -------------------------------------------------------------- ------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- ISS Siteprotector as syslog server? Bowes, Ronald (EST) (Nov 19)
- Re: ISS Siteprotector as syslog server? Andres Riancho (Nov 22)
- RE: ISS Siteprotector as syslog server? Rob Shein (Nov 22)
- RE: ISS Siteprotector as syslog server? Eric Hines (Nov 22)
- Re: ISS Siteprotector as syslog server? David Maynor (Nov 24)
- RE: ISS Siteprotector as syslog server? Eric Hines (Nov 22)
- RE: ISS Siteprotector as syslog server? Leandro Reox (Nov 22)
- <Possible follow-ups>
- RE: ISS Siteprotector as syslog server? PPowenski (Nov 23)
- RE: ISS Siteprotector as syslog server? Brito, Nelson (ISS Brazil) (Nov 29)