IDS mailing list archives

RE: OSSIM Feedback


From: Mark Lists <markd_lists () yahoo de>
Date: Tue, 13 Jun 2006 16:55:05 +0200 (CEST)

I tried to use OSSIM in the past without much success.
The installation was horrible and it lacked some of
the options I wanted (like being able to easily modify
the code and configure it for my company's "special"
requirements).

Since our main concern was with log correlation (from
syslog and snort) we ended up writing our own
Perl/PHP code to handle that.

Lately we have been looking again for an open source
SIM solution and we found OSSEC (ossec.net) to be a
very good solution. It has very good syslog
correlation and it also supports snort and fw logs.
On the negative side, it does not have a web
interface (but we are doing that by ourselves).

thanks. Mark


--- Koolk3 <koolk3 () gmail com> wrote:

Hello everyone,

I have been following these lists for some time now and have
seen some messages on OSSIM (www.ossim.net) [Open Source
Security Information Management]. It seems like a great
product but lacks documentation and reviews on the Internet.

I am looking for some feedback on the usefulness and
practicality (in terms of maintenance and configuration) of
this software. I am mainly interested in OSSIM as a
correlation tool / log analysis for now. But if it works well
as an IDS I would like to propose this as an alternative to
commercial IDS to the management.

Has anyone tried the latest version of the product (0.9.9)?
Any feedback on installation and usability would be great.

I would be very much interested in hearing your success or
horror stories with this.

I have searched the web for 3rd party reviews on this.
Haven't found much. So if you know of any please let me know.

Thanks.

KoolK3


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to

http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.

------------------------------------------------------------------------



