Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ISS Siteprotector as syslog server?

from [Leandro Reox] Network Security [Permanent Link]
Subject: RE: ISS Siteprotector as syslog server?
Date: Mon, 6 Dec 2004 13:26:44 -0300 
Third Pary Module my friend is listed and has documentation.

http://www.iss.net/products_services/enterprise_protection/rssite_protec
tor/tpm.php

http://www.iss.net/support/documentation/docs.php?product=36&family=8

Hope it helps

Cheers !


-----Original Message-----
From: PPowenski@oag.com [mailto:PPowenski@oag.com] 
Sent: Lunes, 06 de Diciembre de 2004 12:47 p.m.
To: NBrito@iss.net; lmet5on@fibertel.com.ar; RBowes@gov.mb.ca;
focus-ids@securityfocus.com
Subject: RE: ISS Siteprotector as syslog server?

Could you please explain why this 'adapter' is not listed as a product
or has a manual...


-----Original Message-----
From: Brito, Nelson (ISS Brazil) [mailto:NBrito@iss.net] 
Sent: 25 November 2004 18:34
To: Leandro Reox; Bowes, Ronald (EST); focus-ids@securityfocus.com
Subject: RE: ISS Siteprotector as syslog server?


Sorry, but, AFAIK, the Third Party Adapter, instead of TPM (the TPM is
just to collect events from PIX and FW-NG), can gets the SYSLOGD events
and send it to RSSP.  
  
In fact, you can do it using a simple "User Defined Events" under
"Syslog and Text Events" on "OS Events" tab (sensor policy). You can set
a syslog or a text log entry.  

And those entries can be used for correlation, but be aware that we have
more than one type of correlation, this one is just to put together the
security events and making easier the search and tracing of a security
event.

Rgds.

- nb

{(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!^.*\\!!)}print$0;

 

-----Original Message-----
From: Leandro Reox [mailto:lmet5on@fibertel.com.ar] 
Sent: Monday, November 22, 2004 4:17 AM
To: 'Bowes, Ronald (EST)'; focus-ids@securityfocus.com; 'Leandro Reox
(Fibertel)'
Subject: RE: ISS Siteprotector as syslog server?


Ron:
        The first option depending on wich suite do you want to put to
work together its an SP add-on called "Third Party Module", who lets you
add another techs to the SP, with big limitations, at this moment we´re
tryng to fusionate CISCO IDS with SP, and its kinda bogus.

-----Original Message-----
From: Bowes, Ronald (EST) [mailto:RBowes@gov.mb.ca] 
Sent: Jueves, 18 de Noviembre de 2004 12:09 p.m.
To: 'focus-ids@securityfocus.com'
Subject: ISS Siteprotector as syslog server?

We're trying to get several different systems (ips and ids) to work
together, as we're evaluating ips products made by various vendors.  

The ips appliances we're using can export their data to a syslog server,
and it would be nice if we could import the syslog data into ISS
SiteProtector. Has anybody tried to do that before?

Thanks,
Ron Bowes


------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
 


------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--


------------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------
--
NOTICE: This e-mail is intended for the named recipient(s). It may
contain privileged and/or confidential information. If you are not one
of the intended recipients, please notify the sender immediately and
destroy this e-mail and attachment(s): you must not copy, distribute,
retain or take any action in reliance upon the email or attachment(s).
While all reasonable efforts are made to safeguard inbound and outbound
e-mails, OAG Worldwide Ltd and its affiliate companies cannot guarantee
that attachments are virus-free or are compatible with your systems, and
does not accept liability in respect of viruses or computer problems
experienced. Thank you.

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.801 / Virus Database: 544 - Release Date: 24/11/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.801 / Virus Database: 544 - Release Date: 24/11/2004
 


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS, IPS and encrypted traffic, Alexander Klimov
Next by Date:  RE: Foolin an IDS ?, Maynor, David (ISS Atlanta)
Previous by Thread:  RE: ISS Siteprotector as syslog server?, PPowenski
Next by Thread:  Foolin an IDS ?, Sec Traq
Indexes:  [Date] [Thread] [Top] [All Lists]