IDS mailing list archives

Re: NetFlow for IDS

From: "Jonathan Glass (GMail)" <jonathan.glass () gmail com>
Date: Wed, 20 Jul 2005 19:42:28 -0400

Lancope sells a Stealthwatch XE appliance for anomaly-based IDS usingNetflow analysis.


Jonathan Glass

Gary Halleen (ghalleen) wrote:

That list is handy, but incomplete.

Cisco MARS should be added.  MARS is a SIM product that receives log
information from various sources (firewalls, routers, switches, IDS/IPS,
host logs, antivirus, and more).  It also receives netflow, and can
provide very useful security-related information based on it.

Gary



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

------------------------------------------------------------------------

Current thread:

NetFlow for IDS Andy Cuff (Jul 15)
- Re: NetFlow for IDS Adam Powers (Jul 17)
- Re: NetFlow for IDS Gianpiero Porchia (Jul 21)
- <Possible follow-ups>
- RE: NetFlow for IDS Gary Halleen (ghalleen) (Jul 20)
  - Message not available
    - RE: NetFlow for IDS Ron Gula (Jul 21)
    - RE: NetFlow for IDS Mark Teicher (Jul 22)
    - Re: NetFlow for IDS Richard Bejtlich (Jul 22)
    - Re: NetFlow for IDS Adam Powers (Jul 25)
    - Re: NetFlow for IDS Fergus Brooks (Jul 27)
  - Re: NetFlow for IDS Jonathan Glass (GMail) (Jul 21)
  - Re: NetFlow for IDS Fergus Brooks (Jul 22)
    - Re: NetFlow for IDS Roland Dobbins (Jul 25)
- RE: NetFlow for IDS Joseph Hamm (Jul 22)
- RE: NetFlow for IDS Joseph Hamm (Jul 25)