Re: Considering nSight, any opinions?

[Jason Heschel <jason.heschel () gmail com>]

Jon,

Actually ntop is what we're trying to move off of. It's a great tool,
but we needed more data and more flexibility.

We looked at Q1Labs QRadar as well, but couldn't afford it. nSight
appears to be somewhere in the middle.

On 7/28/05, Jon Dossey <JDossey () deltahealthgroup com> wrote:
> > Hi list,
> >
> > I tried sending this to a SecurityFocus list but I think everyone's at
> > Blackhat or something. :)
> >
> > We've spent the last few weeks evaluating nSight (www.intrusense.com).
> > It's been very helpful in identifying exactly what, when and who is
> > eatting up all of our internal network bandwdith as well expose some
> > 'strange' internal network behavior which was causing some
> > intermittent problems with our Windows hosts.  Anyways, we're now
> > considering making a purchase.
> >
> > I'm curious to hear any opinions, problems or praise people have for
> > this software. Does it scale well? It seems to collect a lot of
> > information. How does it perform after collecting several months worth
> > of data?
> >
> > -jason
>
> I'm a big fan of NTOP (http://www.ntop.org) personally.
>
> Just span some ports on a core switch, setup your netflows, and watch
> the fireworks.  Great piece of software.  Just need to remember the
> PF_RING kernel patch if you're capturing a significant amount of
> traffic.
>
> .jon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/