Network Security Focus-IDS

RE: ISS Siteprotector as syslog server?

Subject: RE: ISS Siteprotector as syslog server?
Date: Mon, 6 Dec 2004 15:46:41 -0000
Could you please explain why this 'adapter' is not listed as a product or has a 
manual...


-----Original Message-----
From: Brito, Nelson (ISS Brazil) [mailto:NBrito@iss.net] 
Sent: 25 November 2004 18:34
To: Leandro Reox; Bowes, Ronald (EST); focus-ids@securityfocus.com
Subject: RE: ISS Siteprotector as syslog server?


Sorry, but, AFAIK, the Third Party Adapter, instead of TPM (the TPM is just to 
collect events from PIX and FW-NG), can get the SYSLOGD events and send them to 
RSSP.  
  
In fact, you can do it using a simple "User Defined Events" under "Syslog and 
Text Events" on "OS Events" tab (sensor policy). You can set a syslog or a text 
log entry.  

And those entries can be used for correlation, but be aware that we have more 
than one type of correlation; this one is just to put together the security 
events, making the search and tracing of a security event easier.

Rgds.

- nb

{(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!^.*\\!!)}print$0;

 

-----Original Message-----
From: Leandro Reox [mailto:lmet5on@fibertel.com.ar] 
Sent: Monday, November 22, 2004 4:17 AM
To: 'Bowes, Ronald (EST)'; focus-ids@securityfocus.com; 'Leandro Reox 
(Fibertel)'
Subject: RE: ISS Siteprotector as syslog server?


Ron:
        The first option, depending on which suite you want to put to work 
together, is an SP add-on called "Third Party Module", which lets you add other 
techs to the SP, with big limitations. At this moment we're trying to fuse 
CISCO IDS with SP, and it's kinda bogus.

-----Original Message-----
From: Bowes, Ronald (EST) [mailto:RBowes@gov.mb.ca] 
Sent: Thursday, November 18, 2004 12:09 p.m.
To: 'focus-ids@securityfocus.com'
Subject: ISS Siteprotector as syslog server?

We're trying to get several different systems (ips and ids) to work together, 
as we're evaluating ips products made by various vendors.  

The ips appliances we're using can export their data to a syslog server, and it 
would be nice if we could import the syslog data into ISS SiteProtector. Has 
anybody tried to do that before?

Thanks,
Ron Bowes

