IDS mailing list archives

RE: NetFlow for IDS


From: Mark Teicher <mht3 () earthlink net>
Date: Thu, 21 Jul 2005 20:13:50 -0400

I would add Nagios, NeoSecure by Guarded.Net and Concord Networks Spectrum to the list.

At 09:27 PM 7/20/2005, Ron Gula wrote:
At 12:21 PM 7/18/2005, Gary Halleen (ghalleen) wrote:
That list is handy, but incomplete.

Cisco MARS should be added.  MARS is a SIM product that receives log
information from various sources (firewalls, routers, switches, IDS/IPS,
host logs, antivirus, and more).  It also receives netflow, and can
provide very useful security-related information based on it.

Gary

Along those lines, you can add any SIM that has a netflow agent or
a log analyzer that can read someone else's netflow logs. Tenable's
Thunder will do netflow in our 2.0 release and a quick survey of
other SIMs saw other folks had netflow agents as well.

Ron Gula
Tenable Network Security




