Security Basics mailing list archives

Re: Log analysis tool for Cisco HIPS/NIPS.


From: "Andrew Hay" <andrewsmhay () gmail com>
Date: Mon, 22 Jan 2007 14:53:46 -0400

Have you checked out OSSIM?  http://www.ossim.net/

"Ossim stands for Open Source Security Information Management. Its
goal is to provide a comprehensive compilation of tools which, when
working together, grant a network/security administrator a detailed
view over each and every aspect of his networks/hosts/physical access
devices/servers/etc...
Besides getting the best out of well known open source tools, some of
which are quickly described below these lines, ossim provides a strong
correlation engine, detailed low, mid and high level visualization
interfaces as well as reporting and incident managing tools, working
on a set of defined assets such as hosts, networks, groups and
services.

All this information can be limited by network or sensor in order to
provide just the needed information to specific users, allowing for a
fine grained multi-user security environment. Also, the ability to act
as an IPS (Intrusion Prevention System) based on correlated
information from virtually any source results in a useful addition to
any security professional."

You may want to also check out Q1 Labs QRadar (http://www.q1labs.com/)
or LogLogic (http://www.loglogic.com/products/) if you're looking for
enterprise-grade solutions.

On 21/01/07, Ramki B <bramkie () gmail com> wrote:
Hi

Thanks, I had read the docs but MARS cannot do an off-line analysis
and reporting (or is there a way to do this on MARS?...). I am looking
for a product that can import security device/SW logs and provide an
interface to analyze and generate reports.


Regards
Ramki

> -----Original Message-----
> From: Alberto Madrid [mailto:alberto.madrid () ngisolution com]
> Sent: Thursday, January 18, 2007 1:08 AM
> To: 'Ramki B'; security-basics () securityfocus com
> Subject: RE: Log analysis tool for Cisco HIPS/NIPS.
> Importance: High
>
>
> Hi, Ramki:
>
> Please, take a look a Cisco MARS (Cisco Security Monitoring,
> Analysis and Response System) http://www.cisco.com/go/mars
>
> Regards,
>
> Alberto Madrid
> ipsubnet0 () cantv net
> MCP, CCNA, CQS, CCSP, INFOSEC Professional.
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On behalf of Ramki B
> Sent: Wednesday, 17 January 2007 01:28 p.m.
> To: security-basics () securityfocus com
> Subject: Log analysis tool for Cisco HIPS/NIPS.
>
> Hi
>
> I am looking for a good tool to analyze the logs created by
> Cisco NIPS and HIPS (Cisco Security Agent). What tools, other
> than those Cisco provides, are available with reporting functions?
>
> I have a fair idea on the concepts of log analysis but
> without a proper tool it's a very laborious and time consuming task.
>
> Any inputs/directions would help.
>
> Thanks
> Ramki
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> Ramakrishnan B
> IM: bramkie () hotmail com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Be better than the best"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
>
>




--
Andrew Hay
blog: https://www.andrewhay.ca
email: andrewsmhay || at || gmail.com
