Re: Software to Correlate traffic from various devices

[mhellman () taxandfinance com]

Been hearing that a lot lately, but seen no facts to support. Our Cisco
reps keep saying it isn't so.  MARS certainly isn't officially EOL.  I've
been hearing about something called Crossbow that supposedly combines CSM
(device management) with something like MARS, but no roadmap as of yet
from Cisco.

Care to share any supporting info you have about the death of MARS?

> Word on the street is that Cisco Mars is going the way of the Dodo aka
> EOL'd.
> It's functionality will be pushed and integrated with some other
> product in the Cisco family.
> Z
>
> On Wed, Aug 5, 2009 at 11:13 AM, Fred H<sectester () yahoo com> wrote:
> > Another option for a big budget is Cisco Mars.  It has many templates
> > for various log input types, as well as the ability to create your own
> > custom parser.
> >
> >  Fred Hamilton
> > Information Security Analyst 2
> > Financial Sector
> >
> >
> >
> > ----- Original Message ----
> > From: Adriel T. Desautels <ad_lists () netragard com>
> > To: Aseem Kumar <kumaraseem () gmail com>
> > Cc: pen-test () securityfocus com
> > Sent: Thursday, July 30, 2009 2:11:13 PM
> > Subject: Re: Software to Correlate traffic from various devices
> >
> > Asseem,
> >    If you have big budget (about $200K for arcsight) and you can afford
> > it try ArcSight.  Its powerful but requires a lot of work to setup.
> >  Once its up and running, it really rocks!  If you don't have a massive
> > budget, then try prelude-ids from http://www.prelude-ids.org.  It is a
> > very powerful system that can be used for free, or you can pay for the
> > faster commercial modules ($10K for the works or something like that).
> > Prelude can take input from anything, normalize it with minimal to no
> > data loss, and correlate against it.
> >
> >
> >
> > On Jul 25, 2009, at 7:06 AM, Aseem Kumar wrote:
> >
> > > Hi all,
> > >
> > > I am looking for an application that will allow me to write logic to
> > > correlate alerts that can be fed in the format of (device type,alarm
> > > name(from snort ids specifically) severity level, source ip, source
> > > port, destination ip, destination port, timestamp & event count) from
> > > a csv file.
> > > The application need not be too fancy GUI kind, but one with a simple
> > > interface but allows me to write logics using complex combinations of
> > > various fields in various stages.
> > >
> > > I have a logging software that logs everything, but it correlation
> > > part is not reliable. Is anyone aware of any such software. Also not
> > > looking for very expensive software.
> > >
> > >
> > > Thanks
> > > Aseem
> > >
> > > --
> > > Love enables you to put your deepest feelings and fears in the palm of
> > > your partner's hand, knowing they will be handled with care.
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review
> > > Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> > > actually do a proper penetration test. IACRB CPT and CEPT certs require
> > > a full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------
> >
> >
> >
> >    Adriel T. Desautels
> >    ad_lists () netragard com
> >        --------------------------------------
> >
> >    Subscribe to our blog
> >        http://snosoft.blogspot.com
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> >
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require
> > a full practical examination in order to become certified.
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> >
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require
> > a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------