Penetration Testing mailing list archives
Re: [PEN-TEST] Audit package
From: Hiromi Yanaoka <yanaoka () LAC CO JP>
Date: Sat, 30 Sep 2000 01:58:53 +0900
On "Re: [PEN-TEST] Audit package", Talisker <Talisker () NETWORKINTRUSION CO UK> wrote:

> There's a description on each and links to the vendor sites on my site below
> http://www.networkintrusion.co.uk/ The IDS List
I have checked this well-summarized IDS List page. My search focus for IDS is which HIDS applies BSM on Solaris. I understand that BSM is a powerful way of detecting and tracing intrusions on the host side. Yet it is not widely known, for lack of good documentation.

You can also find a list of HIDS at:
http://www.securityfocus.com/templates/tools_category.html?category=17&platform=&path=[%20intrusion%20detection%20][%20host%20]

In addition, there are some good papers, such as:
http://www.securityfocus.com/focus/ids/articles/idsbsm.html
http://www.ce.chalmers.se/staff/sax/unix-sec-log.pdf
and others...

Since BSM keeps logs at a very low level (system call level) and provides details on what an intruder actually did, BSM is a nice tool for forensic cases as well. Yet this also means you end up with huge logs which are incomprehensible and unreasonable to trace with human eyes. Therefore, it is of no use unless there is a system which interprets it into human-readable form; as the paper above points out, you need some kind of scripts or something to make BSM more useful. Although BSM includes some utilities, their features are limited. If you want to *analyze* logs, you need something else.

So, my question is: which ones are the ones that make BSM more useful? Please forgive me if my question overlaps some of the threads from the IDS ML, or if this is unrelated to this ML.
From what I have found out so far, those using BSM are as follows (from Talisker's post):

  EMERALD eXpert-BSM
  RealSecure Agent
  auditGUARD
Since my due date for the search is coming up, I have decided to throw a question here. Thanx. Ciao --Hiromi
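As an added illustration of the kind of script the post says BSM needs before its trail becomes useful, here is a small Python summariser for the text that praudit(1M) prints (one token per line, comma-separated fields). This is example code written for this archive page, not anything from the post, from Talisker's list, or from the vendors named above; it assumes praudit's default token layout (header, path, subject, text, return, trailer) and runs over a constructed sample trail, so field positions may need adjusting against a real audit file.

```python
"""Summarise Solaris BSM records from praudit text output.

Example code, not from the mailing-list post or any vendor. The token
layout below is assumed to match praudit's default text output; the
sample trail is constructed by hand, not captured from a real system.
"""
import sys
from collections import Counter

# Constructed sample: four records for one login session (constructed data).
SAMPLE = """\
header,97,2,execve(2),,Sat Sep 30 01:58:53 2000, + 120 msec
path,/usr/bin/ls
attribute,100555,root,bin,8388614,1234,0
subject,hiromi,hiromi,staff,hiromi,staff,4021,4021,0 0 host
return,success,0
trailer,97
header,96,2,execve(2),,Sat Sep 30 01:59:10 2000, + 5 msec
path,/usr/bin/su
attribute,104555,root,sys,8388614,1240,0
subject,hiromi,hiromi,staff,hiromi,staff,4022,4021,0 0 host
return,success,0
trailer,96
header,70,2,su,,Sat Sep 30 01:59:12 2000, + 40 msec
subject,hiromi,root,root,root,root,4022,4021,0 0 host
text,success for user root
return,success,0
trailer,70
header,80,2,open(2) - read,,Sat Sep 30 01:59:30 2000, + 0 msec
path,/etc/shadow
subject,hiromi,hiromi,staff,hiromi,staff,4023,4021,0 0 host
return,failure: Permission denied,-1
trailer,80
"""


def parse_praudit(text):
    """Split praudit text output into records, one dict per header token.

    Assumed field positions: header -> event name at index 3, time at 5;
    subject -> audit-id at 1, effective uid at 2; return -> outcome at 1.
    """
    records = []
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(",")
        token = fields[0]
        if token == "header":
            current = {"event": fields[3], "time": fields[5].strip(),
                       "paths": [], "text": [], "status": None,
                       "audit_user": None, "euid": None, "retval": None}
            records.append(current)
        elif current is None:
            continue  # tokens before the first header belong to nothing
        elif token == "path":
            current["paths"].append(fields[1])
        elif token == "subject":
            current["audit_user"] = fields[1]  # audit-id survives su
            current["euid"] = fields[2]
        elif token == "text":
            current["text"].append(",".join(fields[1:]))
        elif token == "return":
            current["status"] = "success" if fields[1] == "success" else "failure"
            current["retval"] = fields[-1]
        # trailer/attribute tokens carry nothing this summary needs
    return records


def summarize(records):
    """Count records per (audit user, event, outcome)."""
    return Counter((r["audit_user"], r["event"], r["status"]) for r in records)


def flag_records(records):
    """Return (reason, record) pairs a reviewer should read first."""
    flagged = []
    for r in records:
        # the audit-id stays the original login even after su, so a root
        # euid under a non-root audit-id marks a privilege change
        if r["audit_user"] not in (None, "root") and r["euid"] == "root":
            flagged.append(("euid root under non-root audit id", r))
        if r["status"] == "failure":
            flagged.append(("failed call", r))
    return flagged


def format_record(r):
    """One human-readable line per record."""
    target = " ".join(r["paths"] + r["text"])
    return "%s %s euid=%s %s %s rc=%s" % (
        r["time"], r["audit_user"], r["euid"], r["event"], target, r["retval"])


if __name__ == "__main__":
    # run as `praudit /var/audit/<file> | python bsm_summary.py`, or with no
    # input to use the constructed sample
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    recs = parse_praudit(text)
    for (user, event, status), n in sorted(summarize(recs).items()):
        print("%-8s %-20s %-8s %d" % (user, event, status, n))
    for reason, r in flag_records(recs):
        print("FLAG [%s] %s" % (reason, format_record(r)))
```

The audit-id in the subject token is what makes this useful for tracing: it is set at login and does not change across su, so records can be tied back to the original user even after a privilege change. The summary collapses thousands of identical records into a handful of counts, and the flag pass pulls out failed calls and privilege changes for a human to read first.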