Security Basics mailing list archives
Re: SIM Suggestions
From: "R Buena" <dreamsbig () gmail com>
Date: Sun, 3 Aug 2008 01:44:22 -0400
I would like to add to this thread by asking a question about the administrative overhead of everyone's respective SIM. This will probably help Ricardo in shopping for a SIM.

I find that once you get a SIM to start collecting, correlating, and reporting, it tends to break more, as it is a system with a lot of "moving parts" collecting logs from operating system event logs, syslogs, database audit tables, proxy logs, and whatever other logs you have or want to collect. When I say break, I find that managing and maintaining a SIM daily is a full-time job, or what amounts to a lot of overtime for an admin. Given this, it is important to have a very good technical support team and support contract from the vendor of your SIM, and a whole LOT of patience. Make sure you also get the latest and greatest hardware to run your SIM. I believe this latter suggestion may have added to the issues I currently have with a SIM.

There seems to be a lot of response about Cisco MARS, but does anyone else use any of the Gartner leading SIM solutions such as NetForensics, enVision, TriGeo, ArcSight, or Intellitactics?

FYI - I use enVision.

On Tue, Jul 29, 2008 at 10:29 AM, Lafosse, Ricardo <rlafosse () sfwmd gov> wrote:
> Hello all,
> I know this is going to be a fully loaded answer; however, we are interested in acquiring a SIM. Any good/bad experiences and/or suggestions would be greatly appreciated. We are a medium sized organization.
> Thanks,
> Ricardo
Current thread:
- Re: SIM Suggestions R Buena (Aug 03)
- Re: SIM Suggestions Glenn (Aug 05)
- Re: SIM Suggestions pelletier . norbert (Aug 08)
- Re: Re: SIM Suggestions sgonzalez (Aug 08)
- Re: Re: SIM Suggestions ॐ aditya mukadam ॐ (Aug 11)
- Re: SIM Suggestions Albert Gonzalez (Aug 11)