Security Basics mailing list archives

RE: FW/IPS log correlation software


From: Alfredo Cedeño <acedeno () secur-enet com>
Date: Fri, 4 Apr 2008 15:25:31 -0430

Hi,

I have been working with Sentinel for a long time.... It has a friendly GUI.

http://www.novell.com/sentinel

Regards,

Alfredo. 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of bart knippenberg
Sent: Friday, April 04, 2008 02:54 a.m.
To: Raimar Melchior
Cc: security-basics () securityfocus com
Subject: Re: FW/IPS log correlation software

Hello Raimar,

Maybe you can take a look at RSA envision? This is at the moment number one
for Gartner. From a technical point of view this product is much better than
Cisco Mars or Arcsight. Envision can correlate a huge amount of logs, has
collectors for a lot of products, and has a decent GUI. Logs are not prefiltered
when they are stored. (Arcsight does a correlation before logs are sent from
agents or stored in the database.)

Best regards

Bart Knippenberg

2008/4/3 Raimar Melchior <raimar.melchior () crocodial de>:
Hello list,

 We want a central log station where logs from firewalls, IPS and 
other security devices are sent to. All of our components support the 
syslog protocol.
 The challenge is to filter and correlate this huge amount of logs. We 
also want to create filtering and reports (graphical). The server 
should have a graphical frontend (GUI).
 We tried the kiwi syslog server but it doesn't meet our requirements. 
Any good enterprise software out there?
 Any suggestions would be very appreciated.

 Many Thanks,
 Raimar

 Security Consultant

 CROCODIAL IT Security GmbH

 Köln branch office
 Von-der-Wettern-Str. 25
 51149 Köln

 office: +492203-69923-16
 mobile: +49170-2265680
 eMail: rm () crocodial de
 http://www.crocodial.de/


 Registered office: Hamburg
 Registered: Amtsgericht Hamburg (Hamburg District Court) No. HRB 83456
 Management: Wolfgang Dierke, Helmut Hansen, Lutz Klöber

 
----------------------------------------------------------------------
 CROCODIAL SecurityDays 2008:
 ----------------------------------------------------------------------
  Berlin:      16.04.2008          Hamburg:     22.02.2008
              26.09.2008                       05.09.2008
  Bremen:      04.04.2008          Hannover:    18.04.2008
              12.09.2008                       19.09.2008
  Dortmund:    23.10.2008          Köln:        05.06.2008
  Düsseldorf:  10.04.2008




