Penetration Testing mailing list archives

Re: Software to Correlate traffic from various devices


From: Jon Hart <jhart () spoofed org>
Date: Thu, 30 Jul 2009 21:25:32 -0700

If you are doing just event correlation, SEC
(http://kodu.neti.ee/~risto/sec/) might be enough for you.  I've used
it for years with great success to do exactly what you want.  I'd also
highly recommend Splunk (http://www.splunk.com), which is free for <
500M/day and is an amazing product that'll do nearly everything that
SEC can do, but is orders of magnitude faster and more flexible.

-jon
