RE: ISS Siteprotector as syslog server?

Rob is correct. ISS has on numerous occasions got their foot in the door at
previous organizations I worked at on RFP's where we were looking for a SIM
solution. After they got their foot in, they admitted to only being a SIM
for ISS branded products. Its really disgusting how some vendors out there
are abusing that term. Security Information Management (SIM), Security Event
Management (SEM) is defined as aggregating and correlating information from
DIFFERENT vendors and solutions. ISS Site Protector is simply a tool that
ISS created to manage and tie together all their own products -- which is
something I'd expect ANY vendor to be able to do. Site Protector is similar
to Cisco's VMS, which ties together all their Cisco security products, etc.

So in summary, no, ISS Site Protector does not have the capability to import
in data from other solutions. You will want to look at other solutions to do
this. If this is simply for completing your evaluations, unfortunately, the
only free solution I am aware of is OSSIM -- however, I've not personally
looked at it.

Hope this helps.

Regards,
Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, Inc.
Direct: (877) 262-7593 x327
http://www.appliedwatch.com
"Open Source Security Management"

 

-----Original Message-----
From: Rob Shein [mailto:shoten@starpower.net] 
Sent: Sunday, November 21, 2004 4:47 PM
To: 'Bowes, Ronald (EST)'; focus-ids@securityfocus.com
Subject: RE: ISS Siteprotector as syslog server?

In my experience with SiteProtector, it doesn't seem to have had any
facility for even managing the data.  It's not a vendor-agnostic,
glue-everything-together kind of SIM; it's designed to provide central
management for multiple ISS products and allow you to correlate data that
comes from them.

> -----Original Message-----
> From: Bowes, Ronald (EST) [mailto:RBowes@gov.mb.ca]
> Sent: Thursday, November 18, 2004 10:09 AM
> To: 'focus-ids@securityfocus.com'
> Subject: ISS Siteprotector as syslog server?
>
>
> We're trying to get several different systems (ips and ids) to work 
> together, as we're evaluating ips products made by various vendors.
>
> The ips appliances we're using can export their data to a syslog 
> server, and it would be nice if we could import the syslog data into 
> ISS SiteProtector. Has anybody tried to do that before?
>
> Thanks,
> Ron Bowes
>
>
> --------------------------------------------------------------
> ------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_04
0708
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------