Security Basics mailing list archives
Re: Help!I'm being DoS'ed by our own stupid SIM!!
From: Tremaine Lea <tlea () ddiction com>
Date: Tue, 19 Jun 2007 09:49:31 -0600
Sounds to me like the app hasn't been adequately configured. We use Arcsight in our environment and it works fine... *AFTER* it was configured.
If you don't invest the time, you won't get any value out of it. If you don't have the time/staff to invest, you shouldn't be using any kind of SIM anyways.
Tremaine Lea Network Security Consultant Intrepid ACL On 18-Jun-07, at 11:20 PM, scott wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Our CIO insists on using this app... ArcSight's Threat ResponseManager is causing WAY more headaches then security.I don't have time todo what I should be doing,because this BEAST thinks normal network activity is hostile! A weapon in one hand or a turd in the other,the way I see it! Rant over! Please DO NOT let anyone talk you into trying this.It finds so many false positives,it will throttle your bandwidth to a point where it is unusable! I know ArcSight will get mad about this post,but truth be told"Get a Grip,PLEASE"! Help,not hurt your fellow bro's here! Anyway,Hope this helps, Scott -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGd2ekelSgjADJQKsRAgMOAKCyw/18sPiu/48oxPLN2snMJFE4nACaAgps YNviYot5xdv6SZzYEHYEGC0= =cg1S -----END PGP SIGNATURE-----
Current thread:
- Help!I'm being DoS'ed by our own stupid SIM!! scott (Jun 19)
- Re: Help!I'm being DoS'ed by our own stupid SIM!! Tremaine Lea (Jun 19)
- Re: Help!I'm being DoS'ed by our own stupid SIM!! Steven Adair (Jun 19)
- Re: Help!I'm being DoS'ed by our own stupid SIM!! Francois Yang (Jun 19)