Security Basics mailing list archives
Re: Log analysis tool for Cisco HIPS/NIPS.
From: "Andrew Hay" <andrewsmhay () gmail com>
Date: Mon, 22 Jan 2007 14:53:46 -0400
Have you checked out OSSIM? http://www.ossim.net/

"Ossim stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant a network/security administrator a detailed view over each and every aspect of his networks/hosts/physical access devices/servers/etc. Besides getting the best out of well-known open source tools, some of which are quickly described below these lines, ossim provides a strong correlation engine, detailed low-, mid- and high-level visualization interfaces as well as reporting and incident managing tools, working on a set of defined assets such as hosts, networks, groups and services. All this information can be limited by network or sensor in order to provide just the needed information to specific users, allowing for a fine-grained multi-user security environment. Also, the ability to act as an IPS (Intrusion Prevention System) based on correlated information from virtually any source results in a useful addition to any security professional."

You may want to also check out Q1 Labs QRadar (http://www.q1labs.com/) or LogLogic (http://www.loglogic.com/products/) if you're looking for enterprise-grade solutions.

On 21/01/07, Ramki B <bramkie () gmail com> wrote:
> Hi
>
> Thanks, I had read the docs but MARS cannot do an off-line analysis and reporting (or is there a way to do this on MARS?...). I am looking for a product that can import security device/SW logs and provide an interface to analyze and generate reports.
>
> Regards
> Ramki
>
> > -----Original Message-----
> > From: Alberto Madrid [mailto:alberto.madrid () ngisolution com]
> > Sent: Thursday, January 18, 2007 1:08 AM
> > To: 'Ramki B'; security-basics () securityfocus com
> > Subject: RE: Log analysis tool for Cisco HIPS/NIPS.
> > Importance: High
> >
> > Hi, Ramki:
> >
> > Please, take a look at Cisco MARS (Cisco Security Monitoring, Analysis and Response System) http://www.cisco.com/go/mars
> >
> > Regards,
> >
> > Alberto Madrid
> > ipsubnet0 () cantv net
> > MCP, CCNA, CQS, CCSP, INFOSEC Professional.
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Ramki B
> > Sent: Wednesday, January 17, 2007 01:28 p.m.
> > To: security-basics () securityfocus com
> > Subject: Log analysis tool for Cisco HIPS/NIPS.
> >
> > Hi
> >
> > I am looking for a good tool to analyze the logs created by Cisco NIPS and HIPS (Cisco Security Agent); what tools other than the Cisco-provided ones are available with reporting functions?
> >
> > I have a fair idea of the concepts of log analysis, but without a proper tool it's a very laborious and time-consuming task.
> >
> > Any inputs/directions would help.
> >
> > Thanks
> > Ramki
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Ramakrishnan B
> > IM: bramkie () hotmail com
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Be better than the best"
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.432 / Virus Database: 268.16.13/632 - Release Date: 16/01/2007 04:36 p.m.
-- Andrew Hay blog: https://www.andrewhay.ca email: andrewsmhay || at || gmail.com
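Editor's added example, not code from this thread nor from OSSIM, MARS or Cisco: the offline workflow Ramki asks for (import an exported log file, analyze it, emit a report) plus the one feature Andrew's OSSIM quote stresses, a correlation rule that joins network-sensor and host-agent events. The log lines are constructed for illustration; their shape (syslog-style header, key=value body, invented %IPS-/%CSA- mnemonics and field names sig/sev/src/dst) is an assumption, not a real sensor export format, so the header regex would need adapting to whatever the sensors actually write.

```python
"""Offline IDS/HIPS log import, correlation and reporting (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample export, not real sensor output. Mnemonics and field
# names are assumptions chosen to look like a syslog-style key=value export.
SAMPLE_LOG = """\
Jan 17 13:28:01 nips-01 %IPS-4-SIG: sig=3042 name="TCP SYN Port Sweep" sev=medium src=10.1.1.5 dst=10.2.0.10
Jan 17 13:28:04 nips-01 %IPS-4-SIG: sig=3042 name="TCP SYN Port Sweep" sev=medium src=10.1.1.5 dst=10.2.0.11
Jan 17 13:28:09 hips-srv7 %CSA-3-RULE: sig=CSA-200 name="Buffer overflow attempt" sev=high src=10.1.1.5 dst=10.2.0.11
Jan 17 13:30:00 nips-02 %IPS-5-SIG: sig=1000 name="ICMP Echo" sev=low src=10.1.1.9 dst=10.2.0.20
Jan 17 13:31:17 hips-srv7 %CSA-3-RULE: sig=CSA-200 name="Buffer overflow attempt" sev=high src=10.1.1.5 dst=10.2.0.11
Jan 17 13:45:00 hips-srv8 %CSA-3-RULE: sig=CSA-210 name="Registry write blocked" sev=high src=10.1.1.9 dst=10.2.0.20
garbage line that the importer must count rather than crash on
"""

HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<sensor>\S+) (?P<tag>%[A-Z0-9]+-\d-[A-Z0-9_]+): (?P<body>.*)$"
)
# key=value pairs; double-quoted values are captured without the quotes
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
REQUIRED = ("sig", "sev", "src", "dst")


def parse_line(line, year=2007):
    """Return an event dict for one log line, or None if it does not parse."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    fields = {k: (q if q else u) for k, q, u in KV_RE.findall(m["body"])}
    if any(k not in fields for k in REQUIRED):
        return None
    # syslog headers carry no year, so the caller supplies it
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    # classify by mnemonic prefix (assumption): %IPS- network sensor, else host agent
    kind = "network" if m["tag"].startswith("%IPS-") else "host"
    return {"ts": ts, "sensor": m["sensor"], "kind": kind, **fields}


def import_log(text, year=2007):
    """Offline import: (events, unparsed_count). A bad line never aborts the run."""
    events, unparsed = [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw, year)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


def correlate_network_to_host(events, window_seconds=300):
    """Correlation rule: a source seen by a network sensor and then, within the
    window, by a host agent on the same destination. One finding per source."""
    net = defaultdict(list)
    for ev in events:
        if ev["kind"] == "network":
            net[ev["src"]].append(ev)
    findings, seen = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] != "host" or ev["src"] in seen:
            continue
        for n in net.get(ev["src"], []):
            delta = (ev["ts"] - n["ts"]).total_seconds()
            if 0 <= delta <= window_seconds and n["dst"] == ev["dst"]:
                findings.append({"src": ev["src"], "dst": ev["dst"],
                                 "network_sig": n["sig"], "host_sig": ev["sig"],
                                 "seconds_apart": int(delta)})
                seen.add(ev["src"])
                break
    return findings


def build_report(text, year=2007, window_seconds=300):
    """Summaries a reporting interface would show, as plain data."""
    events, unparsed = import_log(text, year)
    return {
        "events": len(events),
        "unparsed": unparsed,
        "by_severity": dict(Counter(e["sev"] for e in events)),
        "top_signatures": Counter(e["sig"] for e in events).most_common(3),
        "top_sources": Counter(e["src"] for e in events).most_common(3),
        "cross_sensor": correlate_network_to_host(events, window_seconds),
    }


def render_report(report):
    """Text rendering of build_report() output."""
    lines = [f"events: {report['events']}  unparsed: {report['unparsed']}",
             "by severity: " + ", ".join(f"{k}={v}" for k, v in report["by_severity"].items()),
             "top signatures: " + ", ".join(f"{s}({n})" for s, n in report["top_signatures"]),
             "top sources: " + ", ".join(f"{s}({n})" for s, n in report["top_sources"])]
    for f in report["cross_sensor"]:
        lines.append(f"CORRELATED: {f['src']} -> {f['dst']}: network sig {f['network_sig']} "
                     f"followed by host sig {f['host_sig']} after {f['seconds_apart']}s")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(build_report(SAMPLE_LOG)))
```

Run it against a saved export (read the file instead of SAMPLE_LOG) and the unparsed count is the first thing to check: a non-zero value after a sensor upgrade usually means the header format changed, and a report that silently drops those lines is worse than none.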
Current thread:
- Log analysis tool for Cisco HIPS/NIPS. Ramki B (Jan 17)
- Message not available
- RE: Log analysis tool for Cisco HIPS/NIPS. Ramki B (Jan 22)
- RE: Log analysis tool for Cisco HIPS/NIPS. Ryan Counts (Jan 23)
- Re: Log analysis tool for Cisco HIPS/NIPS. Andrew Hay (Jan 23)
- RE: Log analysis tool for Cisco HIPS/NIPS. Ramki B (Jan 22)
- Message not available