
| Subject: | RE: OSSIM Fedback |
|---|---|
| Date: | Tue, 13 Jun 2006 16:55:05 +0200 (CEST) |

I tried to use OSSIM in the past without much success. The installation was horrible and it lacked some of the options I wanted (like being able to easily modify the code and configure it for my company's "special" requirements). Since our main concern was with log correlation (from syslog and snort) we ended up writing our own perl/php code to handle that.

Lately we have been looking again for an open source SIM solution and we found OSSEC (ossec.net) to be a very good solution. It has a very good syslog correlation and it also supports snort and fw logs. On the negative side, it does not have a web interface (but we are doing that by ourselves).

thanks.

Mark

--- Koolk3 <koolk3@gmail.com> wrote:
Hello everyone,

I have been following these lists for some time now and have seen some messages on OSSIM (www.ossim.net) [Open Source Security Information Management]. It seems like a great product but lacks documentation and reviews on the Internet. I am looking for some feedback on the usefulness and practicality (in terms of maintenance and configuration) of this software.

I am mainly interested in OSSIM as a correlation tool / log analysis for now. But if it works well as an IDS I would like to propose this as an alternative to commercial IDS to the management.

Has anyone tried the latest version of the product (0.9.9)? Any feedback on installation and usability would be great. I would be very much interested in hearing your success or horror stories with this.

I have searched the web for 3rd party reviews on this. Haven't found much. So if you know of any please let me know.

Thanks.

KoolK3