Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ISS Siteprotector as syslog server?

from [Brito, Nelson (ISS Brazil)] Network Security [Permanent Link]
Subject: RE: ISS Siteprotector as syslog server?
Date: Thu, 25 Nov 2004 13:34:28 -0500 
Sorry, but, AFAIK, the Third Party Adapter, instead of TPM (the TPM is just to 
collect events from PIX and FW-NG), can gets the SYSLOGD events and send it to 
RSSP.  
  
In fact, you can do it using a simple "User Defined Events" under "Syslog and 
Text Events" on "OS Events" tab (sensor policy). You can set a syslog or a text 
log entry.  

And those entries can be used for correlation, but be aware that we have more 
than one type of correlation, this one is just to put together the security 
events and making easier the search and tracing of a security event.

Rgds.

- nb

{(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!^.*\\!!)}print$0;

 

-----Original Message-----
From: Leandro Reox [mailto:lmet5on@fibertel.com.ar] 
Sent: Monday, November 22, 2004 4:17 AM
To: 'Bowes, Ronald (EST)'; focus-ids@securityfocus.com; 'Leandro Reox 
(Fibertel)'
Subject: RE: ISS Siteprotector as syslog server?


Ron:
        The first option depending on wich suite do you want to put to work 
together its an SP add-on called "Third Party Module", who lets you add another 
techs to the SP, with big limitations, at this moment we´re tryng to fusionate 
CISCO IDS with SP, and its kinda bogus.

-----Original Message-----
From: Bowes, Ronald (EST) [mailto:RBowes@gov.mb.ca] 
Sent: Jueves, 18 de Noviembre de 2004 12:09 p.m.
To: 'focus-ids@securityfocus.com'
Subject: ISS Siteprotector as syslog server?

We're trying to get several different systems (ips and ids) to work together, 
as we're evaluating ips products made by various vendors.  

The ips appliances we're using can export their data to a syslog server, and it 
would be nice if we could import the syslog data into ISS SiteProtector. Has 
anybody tried to do that before?

Thanks,
Ron Bowes


------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
 


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Foolin an IDS ?, Sec Traq
Next by Thread:  RE: ISS Siteprotector as syslog server?, PPowenski
Indexes:  [Date] [Thread] [Top] [All Lists]