IDS mailing list archives
IDS Management/SIM Systems
From: eric.hines () appliedwatch com
Date: Tue, 17 Jun 2003 07:26:18 -0700
Mayank,

If I am understanding you correctly, you are talking about a Security Information Management System that integrates monitoring capabilities of Intrusion Detection Systems beyond SNMP traps. Several SIM systems exist out there, just to name a few:

1. eSecurity, Inc.
2. Arcsight
3. Net Forensics

And for my favorite point in the email, our own vendor plug. Our SIM is the first of its kind, OS-native system for monitoring the Snort IDS, ripping users from the web browser to the Desktop. We are a first to market SIM system dedicated to open-source security solutions, providing upcoming support for Snort-Inline, Prelude, PF, IPchains, etc. For more information, http://www.appliedwatch.com will allow you access to download the software.

It really depends on what you are looking to do. I guess I need more understanding of your environment, and instead of "what if the company is doing this" sort of questions, could you possibly tell us exactly what it is you want to do and what is set up there? What IDS are you using and why concern for SNMP for management? Is this the only alerting/management protocol your IDS supports?

From what I read from your email, your company currently outsources the monitoring of your network and you now want to do your own IDS monitoring in-house in conjunction with what they are doing to augment the efforts?

Please advise.

Regards,

Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
http://www.appliedwatch.com
Toll Free: (877) 262-7593

From: Mayank-Bhatnagar [mailto:mayank () ncb ernet in]
Sent: Friday, June 13, 2003 10:21 AM
To: focus-ids () securityfocus com
Subject: IDS and NMS

hi folks,

Well there is this issue that I would like to put to the group: "Requirement of an interface of an IDS with an already installed Network Management System".

Let me state it like this. If we have a managed IDS product it might have its own management console and its own configurations, server etc. However an organisation which is running a NMS might wish to incorporate IDS, its features on the NMS itself and might not wish to invest on another Management Console.

There are some products like HP OpenView which incorporate IDS in their feature set. But this scenario is different in the sense that one has built a NMS and also provided IDS functionality using SNMP. The other case is where an independent IDS solution (independent of SNMP), getting incorporated in a NMS.

How much is this a viable solution or whether such requirement could exist, and if yes, what could be implications of same?

As far as I know, top notch IDS products don't have any integration with NMS. Some do send traps (which could be a minimal part of IDS, i.e. sending alerts to IDS management console as well as NMS).

Hope I am clear enough.....

Waiting for some views......

thanks and regards,
Mayank