IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: NetFlow for IDS

From: "Gary Halleen (ghalleen)" <ghalleen () cisco com>
Date: Mon, 18 Jul 2005 09:21:15 -0700
That list is handy, but incomplete. 

Cisco MARS should be added.  MARS is a SIM product that receives log
information from various sources (firewalls, routers, switches, IDS/IPS,
host logs, antivirus, and more).  It also receives netflow, and can
provide very useful security-related information based on it.

Gary


-----Original Message-----
From: Andy Cuff [mailto:lists () securitywizardry com] 
Sent: Thursday, July 14, 2005 2:21 PM
To: focus-ids () securityfocus com
Subject: NetFlow for IDS


Netflow data offers a valuable source of IDS information. To this end
Jeff Ames has detailed all known Netflow analysis tools on a single page
at http://securitywizardry.com/protNetFlowA.htm

As always please notify us of any omissions or errors

   Regards
Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://SecurityWizardry.com
Phone (+44) (0) 7968 608945




------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: