Re: Setting up Arcsight/Tripwire

[Aseem Kumar <kumaraseem () gmail com>]

Is SPLUNK also similar to ArcSight, as it also captures different logs
and provides reports.
If they both are similar....then which one is better suited in terms
of easy implementation/configuration.

Regards
Aseem

On Wed, Apr 8, 2009 at 3:40 AM, Randal T. Rioux <randy () procyonlabs com> wrote:
> On Tue, April 7, 2009 4:15 am, venkatesh.selvaraju () gmail com wrote:
> > Dear All,
> >
> > I was wondering if anyone has any standard rules and policies which can
> > be instantly deployed & added to Arcsight ESM for monitoring Windows,
> > UNIX, database and network devices. I understand the rules vary and are
> > specific to the OS and n/w devices. We have to setup the rules and
> > commission Arcsight in our company. If anyone has prior hands-on using
> > Arcsight or if you have any literature, please share.  Also, if you have
> > any docs on how to setup rules on Tripwire tool for file integrity
> > checking please share the information. Thank you in advance.
>
> ArcSight doesn't so much depend on rules, like an IDS. The agents just
> grab log/event data and the main engine fondles it to make pretty charts
> and correlations. The real benefit is in writing/modifying policies to get
> you the info you want. Write me offlist if you'd like help with anything
> ArcSight.
>
> As for Tripwire, that very much depends on your environment. Here is a
> good tutorial:
>
> http://www.linuxjournal.com/article/8758
>
> Also, if you haven't already implemented Tripwire, give Osiris and Samhain
> a look.
>
> Randy



--
Love enables you to put your deepest feelings and fears in the palm of
your partner's hand, knowing they will be handled with care.