Security Basics mailing list archives

Re: RE: syslog


From: cynthia.f.chan () citi com
Date: 21 Aug 2007 03:18:59 -0000

I am not as familiar with CA's eTrust Audit tool. Does it also provide real-time correlation capabilities, the sweet
spot of something like an ArcSight? Does it also enable you to correlate events coming in with critical devices - for
example, allowing administrators to load asset inventory reference data and use that as part of the real-time
correlation capability?

From what I can tell (and I would like R.Maheswaran's feedback given he has hands-on experience), CA is more of a
non-real-time Security Information (vs. Event) Management system. Am I wrong in this assumption?

Could eTrust be used as an event aggregator to eventually feed a real-time correlation engine? Is eTrust Audit more in
line with RSA's enVision appliance (except it is agent-based versus agentless) from a non-real-time functionality
perspective?

Thanks

