Educause Security Discussion mailing list archives

Re: NitroSecurity SIEM platform


From: "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU>
Date: Fri, 24 Jul 2009 13:33:11 -0400

How do you like Splunk and have you upgraded to version 4?





Stephen W. Bradley SSCP GCIH GCFA CISSP

Network Security Specialist

Miami University

Security Engineering

Business & Infrastructure Services

513-529-8129

bradlesw () muohio edu






________________________________
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of ClarkJK
Sent: Friday, July 24, 2009 12:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] NitroSecurity SIEM platform

We have been using NitroSecurity for 2 1/2 years. Some of the problems we have encountered are some outside vendors' 
logs not being searchable. It would not put the appropriate tag on a field. You could see the IP in the log on the main 
screen, but could not search for that IP and have it come up in the results. This may have been fixed, as we ended up 
moving a lot of our external logs to Splunk. We are now mainly using Nitro to report and log on our IPS infrastructure, 
which it has been working great at.

Thanks,
Joseph Clark
Senior Network Engineer
College of Charleston
clarkjk () cofc edu


On 7/24/09 10:24 AM, "Charles Seitz" <cseitz () UTM EDU> wrote:
Does anyone on this list use the NitroSecurity SIEM platform who would care to share their experiences? We saw a demo 
of it yesterday, and to say the least, I was impressed. It appears to be far beyond what our current solution is 
capable of in terms of speed and functionality, but of course the proof is in the pudding, so to speak.

Thanks,

Charlie
________________________________
Charles A. Seitz
Senior Security Analyst
University of Tennessee Information Security Office
Martin Campus
cseitz () tennessee edu
(731) 881-7966
