PaulDotCom mailing list archives
Re: Experiences with Immunity's El Jefe
From: Michael Lubinski <michael.lubinski () gmail com>
Date: Mon, 6 Jun 2011 12:28:44 -0500
+1 on wanting feedback. This has been in the back of my mind for a while now.

On Mon, Jun 6, 2011 at 6:21 AM, Ron Gula <rgula () tenable com> wrote:

> On 6/5/2011 9:02 AM, Marius wrote:
>
> > Hi! Since no one answered, I'll try my best here.
> >
> > On 24 May 2011 16:04, Beetz <beetz.security () gmail com> wrote:
> >
> > > I'd be interested to hear the community's experiences with El Jefe -
> > > for example has anyone deployed it on a limited basis in a production
> > > environment,
> >
> > First of all I would recommend the ElJefe mailing list. You'll have
> > better luck finding experience there. I deployed ElJefe and beta-tested
> > several releases. The interesting point for me was seeing it log me
> > exploiting applications on Windows hosts. For a VM hacking lab ElJefe is
> > quite recommendable. But for a large production environment I'd only
> > monitor important key assets and not every application due to
> > false-positives and performance issues.
>
> Hi Marius,
>
> I'm a big fan of performing process monitoring and would love more
> feedback from you.
>
> What sort of performance issues did you see? Did the OS run slower with
> this level of monitoring? I'm curious what level of performance you
> already had before installing ElJefe. I'm also curious what impact to the
> system something like enabling process audit logging (if you are on
> Windows) may have had. This is how we gather logs like that for our
> Tenable products.
>
> Also, what kind of false positives did you see? Were there actual cases
> where a process was logged running by ElJefe yet it wasn't there?
>
> Lastly, I agree it does take effort to gather logs and focusing on your
> servers is better than not logging any processes at all. However, I
> strongly recommend you at least enable process accounting on your
> desktop/laptop systems and collect this information.
>
> --
> Ron Gula, CEO
> Tenable Network Security
> http://www.tenable.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
Current thread:
- Experiences with Immunity's El Jefe Beetz (May 24)
- Re: Experiences with Immunity's El Jefe Marius (Jun 05)
- Re: Experiences with Immunity's El Jefe Ron Gula (Jun 06)
- Re: Experiences with Immunity's El Jefe Michael Lubinski (Jun 06)
- Re: Experiences with Immunity's El Jefe Ron Gula (Jun 06)
- Re: Experiences with Immunity's El Jefe Marius (Jun 05)