Educause Security Discussion mailing list archives

Re: NitroSecurity SIEM platform


From: ClarkJK <clarkjk () COFC EDU>
Date: Fri, 24 Jul 2009 15:28:43 -0400

Splunk has worked great for analyzing log files. IP addresses are easily
searched across any device syslog. It is very quick. I have found myself
using their Live Tail function quite a bit while troubleshooting. Reporting
is simple and effective. In all I have been very impressed with the
software. We do have all the IPS data going to Splunk, but I do find myself
going back to the Nitro to view that data, as it is easier to identify the
rules in the Nitro SIEM.

Thanks,
Joseph Clark
Senior Network Engineer
College of Charleston
clarkjk () cofc edu

On 7/24/09 1:33 PM, "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU> wrote:

How do you like Splunk and have you upgraded to version 4?
Stephen W. Bradley SSCP GCIH GCFA CISSP
Network Security Specialist
Miami University
Security Engineering
Business & Infrastructure Services
513-529-8129
bradlesw () muohio edu
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of ClarkJK
Sent: Friday, July 24, 2009 12:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] NitroSecurity SIEM platform

We have been using NitroSecurity for 2 1/2 years. Some of the problems we have
encountered are some outside vendors' logs not being searchable. It would not
put the appropriate tag on a field. You could see the IP in the log on the
main screen, but could not search for that IP and have it come up in the results.
This may have been fixed, as we ended up moving a lot of our external logs to
Splunk. We are now mainly using Nitro to report and log on our IPS
infrastructure, which it has been working great at.

Thanks,
Joseph Clark
Senior Network Engineer
College of Charleston
clarkjk () cofc edu


On 7/24/09 10:24 AM, "Charles Seitz" <cseitz () UTM EDU> wrote:
Does anyone on this list use the NitroSecurity SIEM platform who would care to
share their experiences? We saw a demo of it yesterday, and to say the least,
I was impressed. It appears to be far beyond what our current solution is
capable of in terms of speed and functionality, but of course the proof is in
the pudding, so to speak.

Thanks,

Charlie


Charles A. Seitz
Senior Security Analyst
University of Tennessee Information Security Office
Martin Campus
cseitz () tennessee edu
(731) 881-7966