Educause Security Discussion mailing list archives

Re: Network flow log consolidation


From: "Ensz, Sean A." <ensz () OU EDU>
Date: Thu, 27 Apr 2006 09:11:28 -0500

You might consider looking at QRadar by Q1Labs (www.q1labs.com). We have been
using it for almost a year now and we are happy with the product. It does a
good job of analyzing Netflow, sFlow, JFlow, et al... You can also place a
collector on a SPAN port or tap to get full layer-7 analysis. They recently
added SEM capability in their latest release that supports a whole smorgasbord
of security logs that correlates with the flow data.

---
Sean Ensz
CISSP, GSEC, EnCE
IT Security Analyst
University of Oklahoma


-----Original Message-----
From: Logan Browne [mailto:lcb () UCSD EDU]
Sent: Tuesday, April 25, 2006 2:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Network flow log consolidation

Tangential to the discussion of syslog parsing, are any others on the
list evaluating or implementing products to consolidate network flow
logs? This would be a precursor to trend analysis and perhaps some
security event correlation processes.

I have looked at some products in a past position and am wondering which
products or systems you find valuable.

--
Logan Browne, CISSP, CISM
Network Security Manager
University of California, San Diego
<lcb () ucsd edu>
(858)822-5343
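As an added example, not code from either poster or from the QRadar product: a minimal Python consolidation step that parses NetFlow v5 datagrams from several exporters and merges the records into per-conversation totals, which is the kind of aggregate a trend-analysis or correlation stage would consume. The exporter names, addresses and sample datagrams are constructed here; the header and record layouts are the standard Cisco v5 fields.

```python
import struct
import ipaddress
from collections import defaultdict

# NetFlow v5 wire layout (Cisco): 24-byte header followed by 48-byte records.
HDR = struct.Struct("!HHIIIIBBH")
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return (header dict, list of record dicts) for one NetFlow v5 datagram."""
    if len(datagram) < HDR.size:
        raise ValueError("short header")
    version, count, _uptime, secs, _nsecs, seq, _et, _eid, _samp = HDR.unpack_from(datagram)
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("truncated datagram")  # header claims more records than are present
    records = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        records.append({"src": str(ipaddress.IPv4Address(f[0])), "dst": str(ipaddress.IPv4Address(f[1])),
                        "packets": f[5], "bytes": f[6], "sport": f[9], "dport": f[10], "proto": f[13]})
    return {"seq": seq, "count": count, "unix_secs": secs}, records

def consolidate(datagrams):
    """Merge records from several exporters into per-conversation totals."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0, "flows": 0})
    for _exporter, data in datagrams:
        for r in parse_v5(data)[1]:
            k = (r["src"], r["dst"], r["proto"], r["dport"])  # conversation key
            totals[k]["packets"] += r["packets"]
            totals[k]["bytes"] += r["bytes"]
            totals[k]["flows"] += 1
    return dict(totals)

def make_record(src, dst, packets, octets, sport, dport, proto):
    """Build one v5 record (used only to construct the sample input below)."""
    return REC.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                    b"\0" * 4, 1, 2, packets, octets, 0, 1000, sport, dport, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)

def make_datagram(seq, records):
    return HDR.pack(5, len(records), 1000, 1146000000, 0, seq, 0, 0, 0) + b"".join(records)

# Constructed sample: two exporters each see part of the same 10.0.0.5 -> 192.0.2.10 HTTPS conversation.
SAMPLE = [
    ("router-a", make_datagram(1, [make_record("10.0.0.5", "192.0.2.10", 10, 1500, 51000, 443, 6)])),
    ("router-b", make_datagram(7, [make_record("10.0.0.5", "192.0.2.10", 4, 600, 51001, 443, 6),
                                   make_record("10.0.0.9", "192.0.2.20", 1, 64, 40000, 53, 17)])),
]
```

Calling `consolidate(SAMPLE)` returns the merged totals; a real collector would feed the same function from UDP datagrams received from each exporter.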
