Re: Help!I'm being DoS'ed by our own stupid SIM!!

[Tremaine Lea <tlea () ddiction com>]

Sounds to me like the app hasn't been adequately configured.  We use  
Arcsight in our environment and it works fine... *AFTER* it was  
configured.

If you don't invest the time, you won't get any value out of it.  If  
you don't have the time/staff to invest, you shouldn't be using any  
kind of SIM anyways.



Tremaine Lea
Network Security Consultant
Intrepid ACL


On 18-Jun-07, at 11:20 PM, scott wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Our CIO insists on using this app...   ArcSight's Threat Response
> Manager is causing WAY more headaches then security.I don't have  
> time to
> do what I should be doing,because this BEAST thinks normal network
> activity is hostile!
>
> A weapon in one hand or a turd in the other,the way I see it!
>
> Rant over!
>
> Please DO NOT let anyone talk you into trying this.It finds so many
> false positives,it will throttle your bandwidth to a point where it is
> unusable!
>
> I know ArcSight will get mad about this post,but truth be told"Get a
> Grip,PLEASE"!
>
> Help,not hurt your fellow bro's here!
>
> Anyway,Hope this helps,
>     Scott
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGd2ekelSgjADJQKsRAgMOAKCyw/18sPiu/48oxPLN2snMJFE4nACaAgps
> YNviYot5xdv6SZzYEHYEGC0=
> =cg1S
> -----END PGP SIGNATURE-----