IDS mailing list archives
Re: Distributed intrusion detection systems
From: Isaac Perez Moncho <suscripcions () tsolucio com>
Date: Mon, 12 Feb 2007 20:16:31 +0100
I'm new to the list, so I lost some of the answer, maybe someone has said this one:
you can use snort + sguil: http://sguil.sourceforge.net/ Very good combination. En/na Andy Cuff ha escrit:
Hi,Most of the commercial IDS will operate in this manner http://www.securitywizardry.com/N_ids.htmUnless you want to analyse information from a different vendors for which a Security Information Manager may offer you the capability http://www.securitywizardry.com/consoles.htm Finally Netflow collectors are here http://www.securitywizardry.com/protNetFlowC.htm And netflow analysers here http://www.securitywizardry.com/protnetflowA.htm Hope this helps Andy Cuff Managing Director / CEO Computer Network Defence Ltd www.SecurityWizardry.com Tel 0870 321 9014 Mob 0701 070 9014International +44 1225 811777-----Original Message-----From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of alakhno () gmail comSent: 08 February 2007 18:04 To: focus-ids () securityfocus com Subject: Distributed intrusion detection systems Hello!I'm looking for the examples of distributed intrusion detection systems. Here I mean intrusion detection systems, those collect network data from multiple agents and analyze it using one expert system.I'm especially interested in concrete examples of successful intrusion detections those highlight benefits of distributed IDS in comparison with multiple usual intrusion detection systems installed.Besides I'm looking for articles on distributed intrusion detection systems. Detection of traffic flows correlations, network graph models, graph metrics and network flows statistics are particularly interesting as used here.-------------------------------------------------------------- ---------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. -------------------------------------------------------------- ---------------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.------------------------------------------------------------------------ __________ InformaciĆ³n de NOD32, revisiĆ³n 2055 (20070212) __________ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
Current thread:
- Distributed intrusion detection systems alakhno (Feb 08)
- <Possible follow-ups>
- Re: Distributed intrusion detection systems Giovanni Davide Sacca' (Feb 12)
- RE: Distributed intrusion detection systems Andy Cuff (Feb 12)
- Re: Distributed intrusion detection systems Isaac Perez Moncho (Feb 12)