Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: GFI SELM Question

from [Brian Browne] Network Security [Permanent Link]
Subject: RE: GFI SELM Question
Date: Mon, 25 Apr 2005 14:40:35 -0400 (EDT) 

I'm not sure how much you want it to scale, but I implemented SELM for a client 
recently that had bought a 20-server license and was using it to monitor 14 
servers.  We implemented it using SQL Server as the backend database as part of 
a Sarbanes-Oxley compliance effort.  

The client had initially enabled all of the pre-configured rules, so the "main" 
database quickly grew in size.  This caused problems in the archival feature -- 
where events in the "main" database older than a specific number of days are 
moved to the "backup" database, from which it is eventually deleted.  We never 
got a clear answer from GFI, but judging from the available debug information, 
it looked like there were issues with the amount of data being moved from one 
database to the other, the transaction log vs. commit frequency within the GFI 
code, and the SQL Server Recovery Model.  We resolved the issue by starting 
over from scratch (i.e., new databases) and very selectively enabling and 
defining the rules.

I recently checked in with the client, and they are happy with its performance 
at this point.  From an operational perspective, it beats manually reviewing 14 
individual security event logs.  It is priced at a point that it would be 
worthwhile for some companies verus a more expensive solution.  Of course, it 
ultimately depends on the requirements . . . 

Hope this helps.  

- Brian


-----Original Message-----
From: Graxius [mailto:graxius@gmail.com]
Sent: Friday, April 22, 2005 4:58 PM
To: focus-ids@securityfocus.com
Subject: GFI SELM Question


Hello All,
I am curious if anyone is using GFI's System Event Long Manager and if
so how well has it scaled?

Thanks!

--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based 
intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------





--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: SIM Tools, and endpoint security., Eric Hines
Next by Date:  Intrushield User Experiences Warts 'n' All, Andy Cuff
Previous by Thread:  RE: GFI SELM Question, Khan, Afzal
Next by Thread:  RE: GFI SELM Question, Chris Petersen
Indexes:  [Date] [Thread] [Top] [All Lists]