Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ISSForum] Fusion module and checkpoint+cisco

from [davidc] Network Security [Permanent Link]
Subject: RE: [ISSForum] Fusion module and checkpoint+cisco
Date: Fri, 11 Mar 2005 12:34:28 -0500 
I echo what others have said. After only being able to keep TPM up and running 
about 50% of the time and receiving a very sparse amount of syslog entries I 
gave up. I logged a call with ISS, they claimed to not have any issues keeping 
TPM running and they confirmed that those small amounts of syslogs were all TPM 
was built to do. I gave up on using it.


David

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On Behalf Of 
Chris Norris/AMIG
Sent: Thursday, March 10, 2005 8:35 AM
To: Griffin, Bob
Cc: issforum-bounces@iss.net; ISSForum@iss.net
Subject: RE: [ISSForum] Fusion module and checkpoint+cisco

We had the 3rd part module setup to handle event from our PIX firewalls but
it only seemed to use a very small subset of events. Most of those were the
native PIX IDS such as  Large ICMP Packets,  and management events such as
privileged logins and configuration changes. It does nothing to show you
when a certain rule might be hit or things like that and is not very
configurable. In the end we stopped using it and are looking at more robust
logging and event correlation tools.


Regards,
Chris Norris
American Modern Insurance Companies
Sr. Security Engineer
IS Risk and Security Management
7000 Midland Blvd.
Amelia, OH 45102
Ph: 513-947-5454
email: cnorris@amig.com


                                                                           
             "Griffin, Bob"                                                
             <rgriffin@jockeyc                                             
             lub.com>                                                   To 
             Sent by:                  <ISSForum@iss.net>                  
             issforum-bounces@                                          cc 
             iss.net                                                       
                                                                   Subject 
                                       RE: [ISSForum] Fusion module and    
             03/09/2005 08:33          checkpoint+cisco                    
             AM                                                            
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Could you please explain what the "SiteProtector Third Party Module" is
used for?  The readme file for this module download describes the
"SiteProtector Third Party Module" as:

"DESCRIPTION
=====================================================================
The RealSecure SiteProtector Third Party Module interfaces with
Check Point NG and Cisco PIX firewalls to deliver high value firewall
events to the SiteProtector analysis interface. By gathering this
information, you can easily correlate firewall and third party events
with their intrusion detection and vulnerability assessment data
native to the ISS suite of security products."

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On Behalf
Of Kaylor, Adrian (ISS Atlanta)
Sent: Tuesday, March 08, 2005 9:55 AM
To: Pascual Perez; issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Fusion module and checkpoint+cisco

There are currently no correlation items for Fusion for CheckPoint or Cisco
logs.



Thank you,

Adrian Kaylor, CISSP
Technical Product Manager
Internet Security Systems
Phone:  (404) 236-3052
-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of Pascual Perez
Sent: Monday, March 07, 2005 5:38 PM
To: issforum@atla-mm1.iss.net
Subject: [ISSForum] Fusion module and checkpoint+cisco

hi, can  Fusion Module integrate the correlation  with Checkpoint FW1 and
CISCO logs?and how?

thanks  in Advance

Pascual Alberto Pérez del Real
Azertia Consulting

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.




This message is intended only for the use of the Addressee and may contain
information that is PRIVILEGED and CONFIDENTIAL.  If you are not the
intended recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited.  If you have received this
communication in error, please erase all copies of the message and its
attachments and notify us immediately.  Thank you.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ISSForum] AIX Server Sensor Not Working, Kwan Chee Kin
Next by Date:  [ISSForum] Servor Sensor Apache Monitoring on Solaris, Mohr James
Previous by Thread:  RE: [ISSForum] Fusion module and checkpoint+cisco: Should I buy a SIM?, Jason Baeder
Next by Thread:  [ISSForum] pam.trons.* parameters, Sergey V Soldatov
Indexes:  [Date] [Thread] [Top] [All Lists]