IDS mailing list archives

RE: ISS Siteprotector as syslog server?


From: "Leandro Reox" <lmet5on () fibertel com ar>
Date: Mon, 6 Dec 2004 13:26:44 -0300

Third Party Module, my friend, is listed and has documentation.

http://www.iss.net/products_services/enterprise_protection/rssite_protector/tpm.php

http://www.iss.net/support/documentation/docs.php?product=36&family=8

Hope it helps

Cheers !


-----Original Message-----
From: PPowenski () oag com [mailto:PPowenski () oag com] 
Sent: Monday, December 06, 2004 12:47 p.m.
To: NBrito () iss net; lmet5on () fibertel com ar; RBowes () gov mb ca;
focus-ids () securityfocus com
Subject: RE: ISS Siteprotector as syslog server?

Could you please explain why this 'adapter' is not listed as a product
or has a manual...


-----Original Message-----
From: Brito, Nelson (ISS Brazil) [mailto:NBrito () iss net] 
Sent: 25 November 2004 18:34
To: Leandro Reox; Bowes, Ronald (EST); focus-ids () securityfocus com
Subject: RE: ISS Siteprotector as syslog server?


Sorry, but, AFAIK, the Third Party Adapter, instead of TPM (the TPM is
just to collect events from PIX and FW-NG), can get the SYSLOGD events
and send them to RSSP.
  
In fact, you can do it using a simple "User Defined Events" under
"Syslog and Text Events" on "OS Events" tab (sensor policy). You can set
a syslog or a text log entry.  

And those entries can be used for correlation, but be aware that we have
more than one type of correlation; this one is just to put together the
security events and make the search and tracing of a security event
easier.

Rgds.

- nb

{(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!^.*\\!!)}print$0;

 

-----Original Message-----
From: Leandro Reox [mailto:lmet5on () fibertel com ar] 
Sent: Monday, November 22, 2004 4:17 AM
To: 'Bowes, Ronald (EST)'; focus-ids () securityfocus com; 'Leandro Reox
(Fibertel)'
Subject: RE: ISS Siteprotector as syslog server?


Ron:
        The first option, depending on which suite you want to put to
work together, is an SP add-on called "Third Party Module", which lets you
add other techs to the SP, with big limitations. At this moment we're
trying to fuse CISCO IDS with SP, and it's kinda bogus.

-----Original Message-----
From: Bowes, Ronald (EST) [mailto:RBowes () gov mb ca] 
Sent: Thursday, November 18, 2004 12:09 p.m.
To: 'focus-ids () securityfocus com'
Subject: ISS Siteprotector as syslog server?

We're trying to get several different systems (ips and ids) to work
together, as we're evaluating ips products made by various vendors.  

The ips appliances we're using can export their data to a syslog server,
and it would be nice if we could import the syslog data into ISS
SiteProtector. Has anybody tried to do that before?

Thanks,
Ron Bowes


------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
 



