RE: OSSIM Fedback

[Mark Lists <markd_lists () yahoo de>]

I tried to use OSSIM in the past without much success.
The installation was horrible and it lacked some of
the options I wanted (like being able to easily modify
the code and configure it for my company "special"
requirements). 

Since our main concern was with log correlation (from
syslog and snort) we ended up writting our own
perl/php code to handle that. 

Lately we have been looking again for an open source
SIM solution and we found OSSEC (ossec.net) to be a
very good solution. It has a very good syslog
correlation and it also supports snort and fw logs.
On the  negative side, it does not have a web
interface (but we are doing that by ourselves).

thanks. Mark


--- Koolk3 <koolk3 () gmail com> schrieb:

> Hello everyone,
>
> I have been following these lists for some time now
> and have seen some
> messages on OSSIM (www.ossim.net) [Open Source
> Security Information
> Management]. It seems like a great product but lacks
> documentation and
> reviews on the Internet.
>
> I am looking for some feedback on the usefulness and
> practicaility
> (interms or maintenance and configuration) of this
> software. I am
> mainly interested in OSSIM as a corelation tool /
> log analysis for
> now. But if it works well as an IDS I would like to
> propose this as an
> alternative to commercial IDS to the management.
>
> Has anyone tried the latest version of the product
> (0.9.9)? Any
> feedback on installation and usability would be
> great.
>
> I would be very much interested in hearing your
> success or horror
> stories with this.
>
> I have searched the web for 3rd party reviews on
> this. Haven't found
> much. So if you know of any please let me know.
>
> Thanks.
>
> KoolK3
------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
------------------------------------------------------------------------
>


__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. 
http://mail.yahoo.com 

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------