Security Basics mailing list archives

RE: SIM Suggestions


From: "Ramki B Ramakrishnan" <bramkie () gmail com>
Date: Wed, 30 Jul 2008 20:31:35 +0530

Splunk is good for log analysis and AFAIK more economical...

http://www.splunk.com/applications

Any views on Splunk would add value to this thread.

-----
Ramki B. Ramakrishnan
Security Enthusiast
GIAC:GSEC, CvA


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Vu Anh Tu
Sent: Wednesday, July 30, 2008 1:46 PM
To: security-basics () securityfocus com
Subject: Re: SIM Suggestions

Hi all,

The heart of SIMs is the correlation engine. I have tried MARS and
Netforensics but was not interested in the products, because the
correlation engine is too simple. Without a good correlation engine a
SIM is no different from a log analyzer.

Vu Anh Tu
FPT Telecom

On Jul 29, 2008, at 10:11 PM, Mike Theriault wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It depends on your budget. ArcSight and EnVision are the best players in this
space.


Regards,

Mike Theriault
Corporate Security Engineer


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Lafosse, Ricardo
Sent: Tuesday, July 29, 2008 10:30 AM
To: security-basics () securityfocus com
Subject: SIM Suggestions

Hello all,

I know this is going to be a fully loaded answer; however, we are
interested in acquiring a SIM. Any good/bad experiences and/or
suggestions would be greatly appreciated. We are a medium-sized
organization.
Thanks,

Ricardo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iQEVAwUBSI8zEinWlVJ1fs3ZAQKm7Af+NkzqC6fftRCpX33FFN3M741JTzx4YSCQ
l2x6q7wKWT5ecApX4SXJncvQoPMrfp6vT/ybPFRnRi7IawqXmIvsLlvcnqmHatzz
xcGRtxw7AXX9fm/hKsIkvEOAj43attZtDigMnOZMGkmqdsimGAxuaDc/1FyjiEo1
lLnPhtWnu+C4DPnkQimyNwkqNKVikCWuAE86y/lgStnTrx5R6AnfMBbc5KoNTq7t
3j9ww6gp/5imx1ZZi8Q1n6j1BZx0+la2yqf6PVy8PEFfNd2mmfoIiBvdMDfkqroJ
YQUW6w6nFKi7nKrA+GC551rdUqFEW4+ul89YuDtXZkDc7NkDQHKttA==
=4qES
-----END PGP SIGNATURE-----
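Editor's added example, not from any message in the thread above and not from any product named in it: Vu Anh Tu's point is that a correlation engine is what separates a SIM from a log analyzer. The script below makes that concrete. A plain analyzer pass counts event types line by line; the correlation pass keeps per-source state across two log feeds (sshd auth log and a netfilter-style firewall log) and fires only when at least five failed logins from one address inside a 60-second window are followed by a successful login from that same address. The log lines, host names, addresses, the 60-second window and the threshold of five are all constructed for this illustration.

```python
"""Minimal event correlation vs. plain log counting (added illustration).

The sample log lines, hosts, addresses, window and threshold below are
constructed for this example and do not come from any real system.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window
FAIL_THRESHOLD = 5              # assumed number of failures that makes a later success suspicious

# Constructed sample records: (feed name, syslog-style line).
SAMPLE_LOGS = [
    ("fw",   "Jul 29 10:30:01 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 DPT=23"),
    ("fw",   "Jul 29 10:30:02 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 DPT=445"),
    ("auth", "Jul 29 10:30:05 srv1 sshd[2001]: Failed password for root from 203.0.113.7 port 4411 ssh2"),
    ("auth", "Jul 29 10:30:07 srv1 sshd[2001]: Failed password for root from 203.0.113.7 port 4412 ssh2"),
    ("auth", "Jul 29 10:30:09 srv1 sshd[2001]: Failed password for admin from 203.0.113.7 port 4413 ssh2"),
    ("auth", "Jul 29 10:30:11 srv1 sshd[2001]: Failed password for admin from 203.0.113.7 port 4414 ssh2"),
    ("auth", "Jul 29 10:30:14 srv1 sshd[2001]: Failed password for admin from 203.0.113.7 port 4415 ssh2"),
    ("auth", "Jul 29 10:30:20 srv1 sshd[2002]: Accepted password for admin from 203.0.113.7 port 4416 ssh2"),
    ("auth", "Jul 29 10:31:00 srv1 sshd[2003]: Failed password for bob from 198.51.100.9 port 5001 ssh2"),
    ("auth", "Jul 29 10:45:00 srv1 sshd[2004]: Accepted password for bob from 198.51.100.9 port 5002 ssh2"),
]

TS_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) ")
SSH_RE = re.compile(r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"kernel: (?P<action>DROP|ACCEPT) .*SRC=(?P<src>\S+) .*DPT=(?P<dport>\d+)")


def parse_event(feed, line):
    """Normalise one raw line into {ts, src, kind, ...}; None if the line is not recognised."""
    m = TS_RE.match(line)
    if not m:
        return None
    # Year-less syslog stamp: strptime yields year 1900, which is fine for ordering and windows.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    if feed == "auth":
        s = SSH_RE.search(line)
        if s:
            kind = "auth_fail" if s.group("outcome") == "Failed" else "auth_ok"
            return {"ts": ts, "src": s.group("src"), "kind": kind, "user": s.group("user")}
    elif feed == "fw":
        f = FW_RE.search(line)
        if f and f.group("action") == "DROP":
            return {"ts": ts, "src": f.group("src"), "kind": "fw_drop", "dport": f.group("dport")}
    return None


def log_analyzer_counts(logs):
    """What a plain log analyzer reports: totals per event kind, no relation between events."""
    counts = defaultdict(int)
    for feed, line in logs:
        ev = parse_event(feed, line)
        if ev:
            counts[ev["kind"]] += 1
    return dict(counts)


def correlate(logs, window=WINDOW, threshold=FAIL_THRESHOLD):
    """Stateful correlation: per source address, keep events inside the window and
    raise an alert when a successful login follows >= threshold failures from it."""
    recent = defaultdict(deque)  # src -> events still inside the window
    alerts = []
    for feed, line in logs:      # assumes lines arrive roughly in time order
        ev = parse_event(feed, line)
        if not ev:
            continue
        q = recent[ev["src"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()          # expire events that fell out of the window
        if ev["kind"] == "auth_ok":
            fails = [e for e in q if e["kind"] == "auth_fail"]
            drops = [e for e in q if e["kind"] == "fw_drop"]
            if len(fails) >= threshold:
                alerts.append({
                    "src": ev["src"],
                    "user": ev["user"],
                    "failed_attempts": len(fails),
                    "users_tried": sorted({e["user"] for e in fails}),
                    "fw_drops_in_window": len(drops),
                    "at": ev["ts"].strftime("%b %d %H:%M:%S"),
                })
                q.clear()        # do not report the same burst twice
    return alerts


if __name__ == "__main__":
    print("log analyzer view:", log_analyzer_counts(SAMPLE_LOGS))
    for a in correlate(SAMPLE_LOGS):
        print("CORRELATED ALERT:", a)
```

On the sample data the analyzer view is just three numbers (two firewall drops, six failed logins, two successful logins), none of which is alarming on its own; the correlation pass produces one alert for 203.0.113.7 and stays silent for 198.51.100.9, whose single failure is both below the threshold and outside the window by the time the success arrives. Production engines add persistence, out-of-order handling and many more rule shapes, but the state-across-events idea is the same.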

