Security Basics mailing list archives
Re: RE: syslog
From: cynthia.f.chan () citi com
Date: 21 Aug 2007 03:18:59 -0000
I am not as familiar with CA's eTrust Audit tool. Does it also provide real-time correlation capabilities, the sweet spot of something like an ArcSight? Does it also enable you to correlate events coming in with critical devices - for example, allowing administrators to load asset inventory reference data and use that as part of the real-time correlation capability?
From what I can tell (and I would like R.Maheswaran's feedback given he has hands-on experience), CA is more of a non-real-time Security Information (vs. Event) Management system. Am I wrong in this assumption?
Could eTrust be used as an event aggregator to eventually feed a real-time correlation engine? Is eTrust Audit more in line with RSA's enVision appliance (except it is agent-based versus agentless) from a non-real-time functionality perspective?
Thanks