PaulDotCom mailing list archives
Re: Looking for some event and security log monitoring software
From: Champ Clark III <cclark () quadrantsec com>
Date: Tue, 10 Jul 2012 19:03:13 -0400
On 7/10/12 10:10 AM, Brian Schultz wrote:

> So I recently started a new job at a small-ish hospital and was tasked with setting up something that can audit security logs. It sounds and is pretty vague, but this is for HIPAA compliance. I'm more of an infrastructure guy and haven't had a chance to deal with security much and my only exposure is really through the podcast. I have no idea what products are out there to do these things. The environment here is about 99.99% Windows. I was taking a look at Solarwinds Log and Event Manager which looks pretty good so far, but it also requires an agent to be installed on any machines you want to monitor which can be a hassle.
Hello,

Nowadays, most network devices support syslog (Cisco routers, switches, *nix boxes). Unfortunately, Windows Event logs are a different format, so in many cases you have to load an "Event to Syslog" agent in order to get them to your SIEM in "real time". My point is that many solutions for Windows require a Windows "agent" to be loaded.

There are a lot of agents out there. Adiscon (the author of rsyslog) makes one, Snare makes one, and there is even an open source Evt2sys agent (http://code.google.com/p/eventlog-to-syslog/).

If you're up for the task, you might want to look at Sagan (http://sagan.quadrantsec.com). It's an open source solution which can identify threats and correlate them with Sourcefire's "Snort" IDS/IPS sensors in real time. If you need a more "appliance" approach, you can inquire about that @ http://www.quadrantsec.com. Obvious disclaimer: I do work at Quadrant Information Security.

-- 
Champ Clark III (cclark () quadrantsec com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
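The reply above describes the pipeline (Windows events flattened into syslog by an agent, shipped to a collector, correlated in real time) without showing what the collector side does with the lines. The following is an added example, not Sagan's code and not the output of any real "Event to Syslog" agent: it parses RFC 3164-style syslog lines as a collector would receive them and runs one correlation rule over them (a burst of Windows 4625 failed logons from one source followed by a 4624 success on the same host). The line layout, the `Key=Value` flattening of the Windows event fields, the host names and the sample lines are all constructed for this example.

```python
"""Added example (not Sagan's code, not any agent's real output format):
parse agent-forwarded Windows events from syslog and run one correlation
rule over them. The line layout and the Key=Value fields are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input: what a syslog collector might see from a Windows
# host running an event-forwarding agent, plus a Cisco line and a bad line.
SAMPLE_LINES = [
    "<13>Jul 10 19:01:00 WS-HR01 Security-Auditing: EventID=4625 User=jsmith SourceIP=10.0.5.23 Status=0xC000006A",
    "<13>Jul 10 19:01:10 WS-HR01 Security-Auditing: EventID=4625 User=jsmith SourceIP=10.0.5.23 Status=0xC000006A",
    "<189>Jul 10 19:01:15 core-sw01 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.0.5.23(51022) -> 10.0.1.7(445), 1 packet",
    "<13>Jul 10 19:01:20 WS-HR01 Security-Auditing: EventID=4625 User=jsmith SourceIP=10.0.5.23 Status=0xC000006A",
    "<13>Jul 10 19:01:30 WS-HR01 Security-Auditing: EventID=4625 User=jsmith SourceIP=10.0.5.23 Status=0xC000006A",
    "<13>Jul 10 19:01:40 WS-HR01 Security-Auditing: EventID=4625 User=jsmith SourceIP=10.0.5.23 Status=0xC000006A",
    "<13>Jul 10 19:01:50 WS-HR01 Security-Auditing: EventID=4625 User=mlee SourceIP=10.0.5.99 Status=0xC000006A",
    "<13>Jul 10 19:01:55 WS-HR01 Security-Auditing: EventID=4624 User=mlee SourceIP=10.0.5.99 LogonType=3",
    "<13>Jul 10 19:02:05 WS-HR01 Security-Auditing: EventID=4624 User=jsmith SourceIP=10.0.5.23 LogonType=3",
    "this line is not syslog at all",
]

# RFC 3164 shape: <PRI>TIMESTAMP HOST TAG: MSG. PRI packs facility*8+severity.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:]+): "
    r"(?P<msg>.*)$"
)
# Assumed agent convention: Windows event fields flattened as Key=Value.
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line, year=2012):
    """Return a dict for a well-formed syslog line, or None for junk.
    RFC 3164 timestamps carry no year, so the caller supplies one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": ts,
        "host": m.group("host"),
        "tag": m.group("tag"),
        "fields": dict(KV_RE.findall(m.group("msg"))),  # {} for non-Windows lines
    }


def detect_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=2)):
    """Alert when one SourceIP produces >= threshold 4625 failures within
    `window` on a host and then a 4624 success on that same host.
    Events are assumed to arrive in time order; a real collector must
    sort or tolerate out-of-order delivery."""
    failures = defaultdict(deque)  # (host, source_ip) -> failure timestamps
    alerts = []
    for ev in events:
        eid = ev["fields"].get("EventID")
        ip = ev["fields"].get("SourceIP")
        if not eid or not ip:
            continue  # not a Windows logon event (e.g. the Cisco line)
        q = failures[(ev["host"], ip)]
        while q and ev["timestamp"] - q[0] > window:
            q.popleft()  # expire failures that fell out of the window
        if eid == "4625":
            q.append(ev["timestamp"])
        elif eid == "4624" and len(q) >= threshold:
            alerts.append({
                "host": ev["host"],
                "source_ip": ip,
                "user": ev["fields"].get("User"),
                "failures": len(q),
                "success_at": ev["timestamp"],
            })
            q.clear()  # one alert per burst
    return alerts


def run_sample():
    """Parse the constructed lines, drop the unparseable one, run the rule."""
    events = [e for e in (parse_line(l) for l in SAMPLE_LINES) if e]
    return detect_bruteforce_then_success(events)


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a['host']}: {a['failures']} failed logons from "
              f"{a['source_ip']} then success as {a['user']} at {a['success_at']}")
```

Two things worth noting from the run: the Cisco line parses cleanly but carries no `EventID`, so the rule ignores it rather than failing on it, and the unparseable line is dropped by `parse_line` before correlation. The two-minute window and the threshold of five are tuning knobs; in a hospital environment the threshold also needs to be checked against legitimate bursts such as service accounts with stale credentials.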
Current thread:
- Re: Looking for some event and security log monitoring software, (continued)
- Re: Looking for some event and security log monitoring software Doug Burks (Jul 11)
- Re: Looking for some event and security log monitoring software Bigger Thomas (Jul 10)
- Re: Looking for some event and security log monitoring software Chesmore, Michael [DAS] (Jul 11)
- Re: Looking for some event and security log monitoring software Champ Clark III (Jul 10)
- Re: Looking for some event and security log monitoring software fd (Jul 11)
- Re: Looking for some event and security log monitoring software Chris Tizzano (Jul 17)
- Re: Looking for some event and security log monitoring software Chris Keladis (Jul 18)
- Re: Looking for some event and security log monitoring software Mike Patterson (Jul 11)
- Re: Looking for some event and security log monitoring software Mike Patterson (Jul 11)
- Re: Looking for some event and security log monitoring software Brian Schultz (Jul 11)
- Re: Looking for some event and security log monitoring software Ron Gula (Jul 11)