Security Basics mailing list archives

Re: SIM questions.


From: "ॐ aditya mukadam ॐ" <aditya.mukadam () gmail com>
Date: Wed, 20 Aug 2008 10:03:41 +0530

Ray,

Your understanding is correct. SIM is an aggregator of logs. It has
the capability to correlate logs from different inputs as well. Nessus
output can be fed to SIM.

For example:

Netforensics is a SIM which has a Nessus agent. Nessus output would be
directed to this agent, which will normalize the traffic and send it
to its Rule Based Correlation Engine (RBC) and other components to
provide alerts and other defined outputs.

Hope this helps.

Thanks,
Aditya Govind Mukadam



On Wed, Aug 20, 2008 at 12:46 AM, Ray Van Dolson <rvandolson () esri com> wrote:
Hi all.  Currently we make use of Nessus extensively for security
scanning.  I'm evaluating Tenable's Security Center to make managing
these scans easier, but am curious how an SIM would fit into this.

Would something like Symantec's SIM *replace* Nessus' active scanning
capabilities?  Complement it?

My impression is that the SIM is more of an information aggregator that
helps with your workflow vs actually doing the scanning -- and thus our
Nessus scanners would still be necessary.

If any of you out there use Nessus + a SIM I'd be interested in hearing
how you've fit these pieces together.

Thanks,
Ray
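
The flow described in the reply above (scanner output normalized by an agent, then handed to a rule-based correlation engine), sketched as an added example that is not part of the thread and is not netForensics code. It assumes scanner rows in the pipe-delimited Nessus NBE layout and a hypothetical key=value IDS log; all sample data, plugin IDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the thread). Scanner rows use the pipe-delimited
# NBE "results" layout; the IDS line format is hypothetical.
NESSUS_NBE = """\
timestamps|||scan_start|Wed Aug 20 10:00:00 2008|
results|10.0.0|10.0.0.5|ssh (22/tcp)
results|10.0.0|10.0.0.5|http (80/tcp)|90001|Security Hole|Constructed: outdated web server
results|10.0.0|10.0.0.5|ssh (22/tcp)|90002|Security Note|Constructed: SSH banner
results|10.0.0|10.0.0.9|smtp (25/tcp)|90003|Security Warning|Constructed: open relay
"""
IDS_LOG = """\
2008-08-20T10:05:01 ALERT src=203.0.113.7 dst=10.0.0.5 dport=80 sig=web-attack
2008-08-20T10:05:09 ALERT src=203.0.113.7 dst=10.0.0.9 dport=80 sig=web-attack
2008-08-20T10:06:30 ALERT src=203.0.113.8 dst=10.0.0.5 dport=22 sig=ssh-bruteforce
"""
SEVERITY = {"Security Hole": 3, "Security Warning": 2, "Security Note": 1}
PORT_RE = re.compile(r"\((\d+)/(tcp|udp)\)")

def normalize_nessus(text):
    """Map NBE 'results' rows that carry a plugin finding onto a common event schema."""
    events = []
    for line in text.splitlines():
        f = line.split("|", 6)
        m = PORT_RE.search(f[3]) if len(f) == 7 and f[0] == "results" else None
        if m and f[5] in SEVERITY:  # skips timestamps and port-only rows
            events.append({"source": "nessus", "host": f[2], "port": int(m.group(1)),
                           "plugin": f[4], "severity": SEVERITY[f[5]], "detail": f[6]})
    return events

def normalize_ids(text):
    """Parse the hypothetical key=value IDS lines into the same schema."""
    events = []
    for line in text.splitlines():
        ts, _, rest = line.partition(" ALERT ")
        if rest:
            kv = dict(p.split("=", 1) for p in rest.split())
            events.append({"source": "ids", "time": ts, "host": kv["dst"],
                           "port": int(kv["dport"]), "sig": kv["sig"]})
    return events

def correlate(vulns, alerts, min_severity=2):
    """Rule: an alert aimed at a host/port with a known finding becomes high priority."""
    index = defaultdict(list)
    for v in vulns:
        if v["severity"] >= min_severity:
            index[(v["host"], v["port"])].append(v["plugin"])
    return [{**a, "plugins": index.get((a["host"], a["port"]), []),
             "priority": "high" if (a["host"], a["port"]) in index else "low"}
            for a in alerts]
```

Only the first alert is raised to high priority: it targets a host and port where the scan recorded a finding at or above the severity threshold, which is the kind of context a scanner feed adds to a SIM.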


