Security Basics mailing list archives

Re: Searching for a product that aggregates logs and can generate alerts


From: Rob Barrett <barrett.security () gmail com>
Date: Mon, 5 Dec 2005 11:29:43 -0800

We are in the middle of this eval. All the products we have considered
have their pluses and minuses.

ArcSight - everyone we spoke with said don't even consider it.

Network Intelligence - very fast database, very small database, pull
reports fast, but is lacking in the vulnerability assessment area,
correlating IDS data with VA scan data from different products, i.e.,
ISS NIDS with Nessus data.

Esecurity - product looked very good and flexible but our rep was very
secretive about how to set up... well... most everything in the product.

NetForensics - this one deserves a serious look. Has too many
functions to list but is confusing as hell at first. Has very good VA
functionality, lots of canned reports. Each user has their own desktop
with 4 virtual desktops to set up your session.

As said before, all of them $100k+. I did not look at the open source
product mentioned. Hope this helps.

Please share your experiences =)

