Re: SIM Suggestions

["ॐ aditya mukadam ॐ" <aditya.mukadam () gmail com>]

Well, netforensics SimOne has extensive corelation rules options !

Thanks,
Aditya Govind Mukadam

On Wed, Jul 30, 2008 at 1:45 PM, Vu Anh Tu <fpt-noc () fpt net> wrote:
> Hi all,
>
> The heart of SIMs is the correlation engine, I have tried MARS, Netforensics
> but was not interested in the products, cause the correlation engine is too
> simple. Without a good correlation engine a SIM is not different from a log
> analyzer.
>
> Vu Anh Tu
> FPT Telecom
>
> On Jul 29, 2008, at 10:11 PM, Mike Theriault wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > It depends on your budget. ArcSight and EnVision are the best players in
> > this
> > space.
> >
> >
> > Regards,
> >
> > Mike Theriault
> > Corporate Security Engineer
> >
> >
> > - -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On
> > Behalf Of Lafosse, Ricardo
> > Sent: Tuesday, July 29, 2008 10:30 AM
> > To: security-basics () securityfocus com
> > Subject: SIM Suggestions
> >
> > Hello all,
> >
> > I know this is going to be a full loaded answer however we are
> > interested in acquiring a SIM. Any good/bad experiences and/or
> > suggestions would be greatly appreciated. We are a medium sized
> > organization.
> > Thanks,
> >
> > Ricardo
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (MingW32)
> >
> > iQEVAwUBSI8zEinWlVJ1fs3ZAQKm7Af+NkzqC6fftRCpX33FFN3M741JTzx4YSCQ
> > l2x6q7wKWT5ecApX4SXJncvQoPMrfp6vT/ybPFRnRi7IawqXmIvsLlvcnqmHatzz
> > xcGRtxw7AXX9fm/hKsIkvEOAj43attZtDigMnOZMGkmqdsimGAxuaDc/1FyjiEo1
> > lLnPhtWnu+C4DPnkQimyNwkqNKVikCWuAE86y/lgStnTrx5R6AnfMBbc5KoNTq7t
> > 3j9ww6gp/5imx1ZZi8Q1n6j1BZx0+la2yqf6PVy8PEFfNd2mmfoIiBvdMDfkqroJ
> > YQUW6w6nFKi7nKrA+GC551rdUqFEW4+ul89YuDtXZkDc7NkDQHKttA==
> > =4qES
> > -----END PGP SIGNATURE-----