IDS mailing list archives
RE: IDS/IPS system with Foundry sFlow
From: "Monk, Scott" <MonkScott () bfusa com>
Date: Wed, 23 Apr 2008 08:44:44 -0500

Yes, the sFlow is sampled 1 of 32 packets and higher. Yes, IronView can export all data in real time to a pcap format that snort (locally or remotely) can read and then send alerts back to the IronView console. Also Lancope has a StealthWatch XE for sFlow.

Thanks,
Scott

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Martin Roesch
Sent: Tuesday, April 22, 2008 1:19 PM
To: Security Group
Cc: focus-ids () securityfocus com
Subject: Re: IDS/IPS system with Foundry sFlow

When you say "with sFlow" do you mean analyze the sFlow records or analyze the packets on the wire and correlate it with the sFlow data?

--
Sent from my iPhone

On Apr 21, 2008, at 3:42 PM, "Security Group" <secgro () gmail com> wrote:

Hello,

We have got a network with an embedded support for sFlow technology. We also want to have a good IDS/IPS system. Does anyone know a good setup with our Foundry? We noticed that Foundry got their own application called "IronView Network Manager", it is able to operate with snort. Does anyone know if this is a good solution? Or should we use an sFlow converter (e.g. InMon sFlow toolkit) that can work with snort? What are the other possibilities for IDS/IPS besides snort? It has to operate with the sFlow technology.

Kind regards,
Babel Timo

Current thread:
- IDS/IPS system with Foundry sFlow Security Group (Apr 22)
- Re: IDS/IPS system with Foundry sFlow Martin Roesch (Apr 22)
- RE: IDS/IPS system with Foundry sFlow Adamo, Alfonso (Apr 22)
- Re: IDS/IPS system with Foundry sFlow Adam Powers (Apr 22)
- RE: IDS/IPS system with Foundry sFlow Monk, Scott (Apr 24)
- Re: IDS/IPS system with Foundry sFlow Martin Roesch (Apr 25)
- RE: IDS/IPS system with Foundry sFlow Monk, Scott (Apr 25)
- Re: IDS/IPS system with Foundry sFlow Martin Roesch (Apr 22)
- Re: IDS/IPS system with Foundry sFlow Adam Powers (Apr 22)
- RE: IDS/IPS system with Foundry sFlow Otis DuPont (Apr 24)