IDS mailing list archives
RE: Correlation software
From: "Chris Petersen" <chris () security-conscious com>
Date: Tue, 23 Mar 2004 11:13:55 -0700
**** Fair-warning, I am the CTO of a Log Management/Correlation Company *****

The products I am familiar with in this area are:

- ArcSight (strong in correlation & eye-candy)
- Intellitactics (good underlying engine from what I've heard)
- GuardedNet (Have heard a lot of good things about this product. I think they get it)
- NetForensics (strong on reporting side)
- Addamark (not sure what they have for correlation, heavy focus on log management)
- Open (???)
- LogRhythm...

LogRhythm takes a somewhat different approach than the aforementioned. It's based on a distributed log management architecture on top of which event management is built. Users can deploy our rules or develop their own to identify and transform logs into events. Events are then forwarded to an event management system. However, instead of throwing away the log or normalizing beyond the point of recognition, the original logs remain stored at the log management layer and can be queried on-demand to support event analysis. We are also doing some very interesting things in the area of data-mining intrusion/fraud detection.

For additional information on LogRhythm, a technical whitepaper is available at http://www.security-conscious.com/literature.html

Chris Petersen
Security Conscious, Inc.
chris () security-conscious com
www.security-conscious.com
-----Original Message-----
From: sam () neuroflux com [mailto:sam () neuroflux com]
Sent: Thursday, March 18, 2004 9:07 AM
To: focus-ids () securityfocus com
Subject: Correlation software

Hello..

Thank you all for your responses to my Entercept email, they have all been fantastic! I am also looking to find out if there are any commercial Log Correlation packages available? I'm looking for something that can correlate Firewall + IDS + HIDS type of logs and create a logical flow of events.. Can anyone recommend, or point me in the right direction?

Thanks!
-Sam
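As an added illustration of the two points in this exchange (Sam's wish to correlate firewall + IDS + HIDS logs into a logical flow of events, and the rules-to-events architecture Chris describes, where the original logs stay stored and queryable), here is a small Python sketch. It is not code from the thread or from any product named in it; the log formats, the rule regexes, the sample lines and the 5-minute window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not from the thread): one firewall, one NIDS, one HIDS source.
RAW_LOGS = [
    "2004-03-18T09:00:01 fw1 ACCEPT src=10.0.0.5 dst=192.168.1.10 dport=22",
    "2004-03-18T09:00:03 nids1 ALERT sig=SSH_BRUTE src=10.0.0.5 dst=192.168.1.10",
    "2004-03-18T09:00:09 hids1 AUTH_FAIL user=root host=192.168.1.10 from=10.0.0.5",
    "2004-03-18T09:00:15 hids1 AUTH_OK user=root host=192.168.1.10 from=10.0.0.5",
    "2004-03-18T09:30:00 fw1 ACCEPT src=10.0.0.9 dst=192.168.1.20 dport=80",
]

# Rules (assumed formats): each turns a raw line into a normalized event type,
# but the event only carries a pointer (raw_id) back to the untouched line.
RULES = [
    (re.compile(r"fw1 ACCEPT src=(?P<src>\S+) dst=(?P<dst>\S+)"), "fw_allow"),
    (re.compile(r"nids1 ALERT sig=\S+ src=(?P<src>\S+) dst=(?P<dst>\S+)"), "ids_alert"),
    (re.compile(r"hids1 AUTH_FAIL .* host=(?P<dst>\S+) from=(?P<src>\S+)"), "hids_auth_fail"),
    (re.compile(r"hids1 AUTH_OK .* host=(?P<dst>\S+) from=(?P<src>\S+)"), "hids_auth_ok"),
]

def normalize(raw_logs):
    """Apply the rules; return events as {ts, type, src, dst, raw_id}."""
    events = []
    for raw_id, line in enumerate(raw_logs):
        ts = datetime.fromisoformat(line[:19])
        for pattern, etype in RULES:
            m = pattern.search(line)
            if m:
                events.append({"ts": ts, "type": etype, "raw_id": raw_id, **m.groupdict()})
                break  # first matching rule wins
    return events

def correlate(events, window=timedelta(minutes=5)):
    """Chain events per (src, dst); report a flow when firewall allow, IDS alert
    and a HIDS successful login all land inside the window."""
    chains = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        chains[(ev["src"], ev["dst"])].append(ev)
    flows = []
    for (src, dst), chain in chains.items():
        types = [e["type"] for e in chain]
        span = chain[-1]["ts"] - chain[0]["ts"]
        if {"fw_allow", "ids_alert", "hids_auth_ok"} <= set(types) and span <= window:
            flows.append({"src": src, "dst": dst, "sequence": types,
                          "raw_ids": [e["raw_id"] for e in chain]})
    return flows

def original_logs(flow, raw_logs):
    """On-demand lookup of the raw lines behind a correlated flow (nothing was discarded)."""
    return [raw_logs[i] for i in flow["raw_ids"]]
```

The `sequence` of each flow is the "logical flow of events" for one source/destination pair, and `original_logs` shows why keeping the raw lines matters: the analyst can go from the correlated event straight back to the evidence.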