Security Basics mailing list archives

RE: Log and event correlation management solution


From: "Ralph H. Chapman" <Ralph.Chapman () aebs com>
Date: Thu, 22 Apr 2004 15:28:00 -0500

First of all, I want to thank all of you that responded to my request. I
have collected a good list of products, but did still have problems
finding a product that does BOTH. Here is what everyone responded with
and my comments, from a little research on all:

NetForensics- Looks like a good Security Event Correlation (SEC) product
but not for real time event log management (ELM).

Guardednet neuSecure- SEC yes, ELM no.

Intellitactics NSM - SEC yes, ELM no.

Arcsight- SEC yes, ELM no.

Addamark Omnisight- SEC yes, ELM no.

Tivoli Riskmanager- SEC yes, ELM no.

NetIQ Logadmin- SEC yes, ELM no.
(Are you starting to see a pattern here <grin>?)

Computer Associates eTrust Audit- SEC yes, ELM no.

Micromuse Netcool suite of products- looks like they have products for
"application and systems management" as well as "security management".
This might be a winner here.

Network Intelligence HA series appliance- Again, this might be a winner;
does both functions.

eSecurity- SEC yes, ELM no.

BindView Vulnerability Management- SEC yes, ELM no.

Big Brother- SEC no, ELM yes.

Kiwisyslog- SEC no, ELM yes.

MRTG- SEC no, ELM yes.

Thanks again for all the ideas!!

-----Original Message-----
From: Ralph H. Chapman [mailto:Ralph.Chapman () aebs com] 
Sent: Friday, April 16, 2004 9:37 AM
To: security-basics () securityfocus com
Subject: Log and event correlation management solution

I seem to be striking out on this one. 

I am looking for a product that can manage logs from OS (Microsoft,
Novell, Unix, etc) as well as infrastructure equipment (routers,
switches, etc.) to maintain uptime statistics, hard drive space getting
low, etc.  Also, I would like the product to be able to do security
event correlation on some or all the logs coming in. Any ideas?

As I am searching the Internet, I keep seeing one or the other, not
both.

