Penetration Testing mailing list archives
Re: Software to Correlate traffic from various devices
From: aditya mukadam <aditya.mukadam () gmail com>
Date: Thu, 6 Aug 2009 14:38:22 +0530
Also check for:
1) Netforensics
2) Logrhythm
3) Juniper STRM

Thanks,
Aditya Govind Mukadam
CISSP,JNCIA-UAC,JNCIA-SSL,CEH, JNSA-Advanced Security,CQS-PIX,CQS-VPN

On Thu, Aug 6, 2009 at 2:56 AM, Zack Payton <zpayton () gmail com> wrote:
> Word on the street is that Cisco Mars is going the way of the Dodo aka EOL'd. Its functionality will be pushed and integrated with some other product in the Cisco family.
>
> Z
>
> On Wed, Aug 5, 2009 at 11:13 AM, Fred H<sectester () yahoo com> wrote:
>> Another option for a big budget is Cisco Mars. It has many templates for various log input types, as well as the ability to create your own custom parser.
>>
>> Fred Hamilton
>> Information Security Analyst 2
>> Financial Sector
>>
>> ----- Original Message ----
>> From: Adriel T. Desautels <ad_lists () netragard com>
>> To: Aseem Kumar <kumaraseem () gmail com>
>> Cc: pen-test () securityfocus com
>> Sent: Thursday, July 30, 2009 2:11:13 PM
>> Subject: Re: Software to Correlate traffic from various devices
>>
>>> Aseem,
>>>
>>> If you have a big budget (about $200K for arcsight) and you can afford it, try ArcSight. It's powerful but requires a lot of work to set up. Once it's up and running, it really rocks!
>>>
>>> If you don't have a massive budget, then try prelude-ids from http://www.prelude-ids.org. It is a very powerful system that can be used for free, or you can pay for the faster commercial modules ($10K for the works or something like that). Prelude can take input from anything, normalize it with minimal to no data loss, and correlate against it.
>>>
>>> On Jul 25, 2009, at 7:06 AM, Aseem Kumar wrote:
>>>> Hi all,
>>>>
>>>> I am looking for an application that will allow me to write logic to correlate alerts that can be fed in the format of (device type, alarm name (from snort ids specifically), severity level, source ip, source port, destination ip, destination port, timestamp & event count) from a csv file. The application need not be too fancy GUI kind, but one with a simple interface but allows me to write logics using complex combinations of various fields in various stages. I have a logging software that logs everything, but its correlation part is not reliable. Is anyone aware of any such software? Also not looking for very expensive software.
>>>>
>>>> Thanks
>>>> Aseem
>>>>
>>>> --
>>>> Love enables you to put your deepest feelings and fears in the palm of your partner's hand, knowing they will be handled with care.
>>>>
>>>> ------------------------------------------------------------------------
>>>> This list is sponsored by: Information Assurance Certification Review Board
>>>>
>>>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>>>>
>>>> http://www.iacertification.org
>>>> ------------------------------------------------------------------------
>>>
>>> Adriel T. Desautels
>>> ad_lists () netragard com
>>> --------------------------------------
>>>
>>> Subscribe to our blog
>>> http://snosoft.blogspot.com
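The kind of multi-stage rule the original question asks for, written over a CSV in the field order it lists; this is an added example, not code from any poster or from the products named in the thread. The column names, the `firewall`/`ids` device types, the thresholds and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample alerts (documentation IP ranges); event_count is carried but unused.
SAMPLE_CSV = """device_type,alarm_name,severity,src_ip,src_port,dst_ip,dst_port,timestamp,event_count
firewall,deny_tcp,2,192.0.2.10,40001,198.51.100.5,22,2009-07-25 07:00:01,1
firewall,deny_tcp,2,192.0.2.10,40002,198.51.100.5,23,2009-07-25 07:00:03,1
firewall,deny_tcp,2,192.0.2.10,40003,198.51.100.5,445,2009-07-25 07:00:05,1
ids,constructed_high_alert,4,192.0.2.10,40100,198.51.100.5,80,2009-07-25 07:02:00,3
ids,constructed_high_alert,4,203.0.113.7,51000,198.51.100.5,80,2009-07-25 07:03:00,1
firewall,deny_tcp,2,203.0.113.7,51001,198.51.100.9,22,2009-07-25 09:00:00,1
"""

def load_alerts(text):
    """Parse the CSV, type the fields the rule uses, and sort by time."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["severity"] = int(r["severity"])
        r["dst_port"] = int(r["dst_port"])
        r["ts"] = datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M:%S")
        rows.append(r)
    return sorted(rows, key=lambda r: r["ts"])

def correlate(alerts, min_ports=3, min_severity=4, window=timedelta(minutes=5)):
    """Stage 1: a source is denied on >= min_ports distinct ports of one
    destination within `window`. Stage 2: an IDS alert of >= min_severity
    for the same source/destination pair follows within `window`."""
    denies = {}   # (src, dst) -> [(ts, dst_port)] firewall denies still in window
    armed = {}    # (src, dst) -> time stage 1 was last satisfied
    incidents = []
    for a in alerts:
        key = (a["src_ip"], a["dst_ip"])
        if a["device_type"] == "firewall":
            recent = [(t, p) for t, p in denies.get(key, []) if a["ts"] - t <= window]
            recent.append((a["ts"], a["dst_port"]))
            denies[key] = recent
            if len({p for _, p in recent}) >= min_ports:
                armed[key] = a["ts"]
        elif a["device_type"] == "ids" and a["severity"] >= min_severity:
            t1 = armed.get(key)
            if t1 is not None and a["ts"] - t1 <= window:
                incidents.append({"src_ip": key[0], "dst_ip": key[1], "stage1": t1,
                                  "stage2": a["ts"], "alarm_name": a["alarm_name"]})
                del armed[key]  # one incident per completed sequence
    return incidents

if __name__ == "__main__":
    print(correlate(load_alerts(SAMPLE_CSV)))
```

Only the first source completes both stages; the second source's high-severity IDS alert is ignored because no port sweep preceded it.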