IDS mailing list archives

RE: Correlation software


From: "Chris Petersen" <chris () security-conscious com>
Date: Tue, 23 Mar 2004 11:13:55 -0700

**** Fair-warning, I am the CTO of a Log Management/Correlation Company
*****

The products I am familiar with in this area are:
- ArcSight (strong in correlation & eye-candy)
- Intellitactics (good underlying engine from what I've heard)
- GuardedNet (Have heard a lot of good things about this product.  I think
they get it)
- NetForensics (strong on reporting side)
- Addamark (not sure what they have for correlation, heavy focus on log
management)
- Open (???)
- LogRhythm...

LogRhythm takes a somewhat different approach than the aforementioned.  It's
based on a distributed log management architecture on top of which event
management is built.  Users can deploy our rules or develop their own to
identify and transform logs into events.  Events are then forwarded to an
event management system.  However, instead of throwing away the log or
normalizing beyond the point of recognition, the original logs remain stored
at the log management layer and can be queried on-demand to support event
analysis.  We are also doing some very interesting things in the area of
data-mining intrusion/fraud detection.  

For additional information on LogRhythm, a technical whitepaper is available
at http://www.security-conscious.com/literature.html

Chris Petersen
Security Conscious, Inc.
chris () security-conscious com
www.security-conscious.com


-----Original Message-----
From: sam () neuroflux com [mailto:sam () neuroflux com] 
Sent: Thursday, March 18, 2004 9:07 AM
To: focus-ids () securityfocus com
Subject: Correlation software


Hello..  Thank you all for your responses to my Entercept 
email, they have all been fantastic!

I am also looking to find out if there are any commercial Log 
Correlation packages available?  I'm looking for something 
that can correlate Firewall
+ IDS + HIDS type of logs and create a logical flow of events..

Can anyone recommend, or point me in the right direction?

Thanks!
-Sam
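The kind of correlation Sam asks about, and the retain-the-raw-log design Chris describes, sketched as an added Python example (not code from LogRhythm or any other product named in the thread). The three log formats are iptables-, Snort- and sshd-style lines constructed for the example; the asset table mapping host names to addresses, the five-minute window and the "firewall ACCEPT + NIDS alert + HIDS event for the same source/target pair" rule are all assumptions chosen to show the mechanics, not any vendor's rule set.

```python
"""Toy correlation pipeline: raw lines -> normalized events -> ordered incident flow.

Added example, not from the original thread. Every log line below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from three sources on one host pair, plus an unrelated DROP.
RAW_LOGS = [
    "Mar 18 09:01:02 fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "Mar 18 09:01:05 ids1 snort[1234]: [1:1000001:1] CONSTRUCTED SSH brute force attempt "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51022 -> 192.0.2.10:22",
    "Mar 18 09:01:40 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Mar 18 09:02:11 web1 sshd[2201]: Accepted password for root from 203.0.113.7 port 51100 ssh2",
    "Mar 18 09:30:00 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP DPT=445",
]

ASSETS = {"web1": "192.0.2.10"}   # assumed asset inventory: HIDS lines name a host, not an IP
YEAR = 2004                        # syslog timestamps carry no year; assumed from the thread date
WINDOW = timedelta(minutes=5)      # assumed correlation window
REQUIRED = ("fw_accept", "ids_alert", "hids")  # event kinds a window must contain

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)"
FW_RE = re.compile(TS + r" \S+ kernel: (?P<action>ACCEPT|DROP) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*DPT=(?P<dpt>\d+)")
IDS_RE = re.compile(TS + r" \S+ snort\[\d+\]: \[[\d:]+\] (?P<msg>.+?) \[Classification: [^\]]+\] "
                    r"\[Priority: \d+\] \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+")
HIDS_RE = re.compile(TS + r" (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)")


def parse_ts(text):
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=YEAR)


def parse_line(raw_id, line):
    """Normalize one line into an event. raw_id points back at the untouched original."""
    m = FW_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "firewall", "kind": "fw_" + m["action"].lower(),
                "src_ip": m["src"], "dst_ip": m["dst"], "summary": f"{m['action']} tcp/{m['dpt']}", "raw_id": raw_id}
    m = IDS_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "nids", "kind": "ids_alert",
                "src_ip": m["src"], "dst_ip": m["dst"], "summary": m["msg"], "raw_id": raw_id}
    m = HIDS_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "hids", "kind": "hids_" + m["result"].lower(),
                "src_ip": m["src"], "dst_ip": ASSETS.get(m["host"], m["host"]),
                "summary": f"{m['result']} password for {m['user']}", "raw_id": raw_id}
    return None  # unparsed lines stay in the raw store but yield no event


def parse_all(raw_logs):
    return [e for e in (parse_line(i, l) for i, l in enumerate(raw_logs)) if e]


def correlate(events, window=WINDOW):
    """Pivot on (source IP, target IP); emit one incident per pair whose events within
    `window` of some starting event cover every kind in REQUIRED."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src_ip"], e["dst_ip"])].append(e)
    incidents = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            span = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            kinds = {e["kind"] for e in span}
            if all(any(k.startswith(r) for k in kinds) for r in REQUIRED):
                incidents.append({"src_ip": src, "dst_ip": dst, "flow": span})
                break
    return incidents


def raw_lines_for(incident, raw_logs):
    """On-demand query of the log layer: the original, un-normalized lines behind an incident."""
    return [raw_logs[e["raw_id"]] for e in incident["flow"]]


def describe(incident):
    """The logical flow of events, in time order, one line per event."""
    return [f"{e['ts']:%H:%M:%S} {e['source']} {e['summary']} ({e['src_ip']} -> {e['dst_ip']})"
            for e in incident["flow"]]


if __name__ == "__main__":
    for inc in correlate(parse_all(RAW_LOGS)):
        print("\n".join(describe(inc)))
        print("raw evidence:", *raw_lines_for(inc, RAW_LOGS), sep="\n  ")
```

The point worth noticing is the `raw_id` field: the normalized event carries only what the rule needs (time, source, addresses, a summary), while the original line is kept verbatim and fetched only when an analyst drills into the incident. The unrelated DROP from 198.51.100.5 is parsed and stored but never becomes an incident, because no other source reports that pair.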





