Educause Security Discussion mailing list archives
Re: NitroSecurity SIEM platform
From: ClarkJK <clarkjk () COFC EDU>
Date: Fri, 24 Jul 2009 15:28:43 -0400

Splunk has worked great for analyzing log files. IP addresses are easily searched across any device syslog. It is very quick. I have found myself using their Live Tail function quite a bit while troubleshooting. Reporting is simple and effective. In all I have been very impressed with the software.

We do have all the IPS data going to Splunk, but I do find myself going back to the Nitro to view that data as it is easier to identify the rules in the Nitro SIEM.

Thanks,
Joseph Clark
Senior Network Engineer
College of Charleston
clarkjk () cofc edu

On 7/24/09 1:33 PM, "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU> wrote:

How do you like Splunk and have you upgraded to version 4?

Stephen W. Bradley SSCP GCIH GCFA CISSP
Network Security Specialist
Miami University
Security Engineering
Business & Infrastructure Services
513-529-8129
bradlesw () muohio edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of ClarkJK
Sent: Friday, July 24, 2009 12:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] NitroSecurity SIEM platform

We have been using NitroSecurity for 2 1/2 years. Some of the problems we have encountered are some outside vendors' logs not being searchable. It would not put the appropriate tag on a field. You could see the IP in the log on the main screen, but could not search for that IP and have it come up in the results. This may have been fixed as we ended up moving a lot of our external logs to Splunk.

We are now mainly using Nitro to report and log on our IPS infrastructure which it has been working great at.

Thanks,
Joseph Clark
Senior Network Engineer
College of Charleston
clarkjk () cofc edu

On 7/24/09 10:24 AM, "Charles Seitz" <cseitz () UTM EDU> wrote:

Does anyone on this list use the NitroSecurity SIEM platform who would care to share their experiences? We saw a demo of it yesterday, and to say the least, I was impressed. It appears to be far beyond what our current solution is capable of in terms of speed and functionality, but of course the proof is in the pudding, so to speak.

Thanks,
Charlie

Charles A. Seitz
Senior Security Analyst
University of Tennessee
Information Security Office
Martin Campus
cseitz () tennessee edu
(731) 881-7966