Re: Log analysis tool for Cisco HIPS/NIPS.

Subject: Re: Log analysis tool for Cisco HIPS/NIPS.
Date: Mon, 22 Jan 2007 14:53:46 -0400
Have you checked out OSSIM?  http://www.ossim.net/
"Ossim stands for Open Source Security Information Management. Its goal is to
provide a comprehensive compilation of tools which, when working together, grant a
network/security administrator a detailed view over each and every aspect of his
networks/hosts/physical access devices/servers/etc... Besides getting the best out of
well-known open source tools, some of which are quickly described below these lines,
ossim provides a strong correlation engine, detailed low, mid and high level
visualization interfaces as well as reporting and incident managing tools, working on
a set of defined assets such as hosts, networks, groups and services.
All this information can be limited by network or sensor in order to provide just the
needed information to specific users, allowing for a fine-grained multi-user security
environment. Also, the ability to act as an IPS (Intrusion Prevention System) based
on correlated information from virtually any source results in a useful addition to any
security professional."
You may want to also check out Q1 Labs QRadar (http://www.q1labs.com/) or
LogLogic (http://www.loglogic.com/products/) if you're looking
for enterprise-grade solutions.
On 21/01/07, Ramki B <bramkie@gmail.com> wrote:
> Hi
>
> Thanks, I had read the docs but MARS cannot do an off-line analysis
> and reporting (or is there a way to do this on MARS?...). I am looking
> for a product that can import security device/SW logs and provide an
> interface to analyze and generate reports.
>
> Regards
> Ramki
>
> > -----Original Message-----
> > From: Alberto Madrid [mailto:alberto.madrid@ngisolution.com]
> > Sent: Thursday, January 18, 2007 1:08 AM
> > To: 'Ramki B'; security-basics@securityfocus.com
> > Subject: RE: Log analysis tool for Cisco HIPS/NIPS.
> > Importance: High
> >
> > Hi, Ramki:
> >
> > Please, take a look at Cisco MARS (Cisco Security Monitoring,
> > Analysis and Response System) http://www.cisco.com/go/mars
> >
> > Regards,
> >
> > Alberto Madrid
> > ipsubnet0@cantv.net
> > MCP, CCNA, CQS, CCSP, INFOSEC Professional.
> >
> > -----Original Message-----
> > From: listbounce@securityfocus.com
> > [mailto:listbounce@securityfocus.com] On behalf of Ramki B
> > Sent: Wednesday, January 17, 2007 01:28 p.m.
> > To: security-basics@securityfocus.com
> > Subject: Log analysis tool for Cisco HIPS/NIPS.
> >
> > Hi
> >
> > I am looking for a good tool to analyze the logs created by
> > Cisco NIPS and HIPS (Cisco Security Agent). What tools other
> > than Cisco-provided ones are available with reporting functions?
> >
> > I have a fair idea of the concepts of log analysis, but
> > without a proper tool it's a very laborious and time-consuming task.
> >
> > Any inputs/directions would help.
> >
> > Thanks
> > Ramki
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Ramakrishnan B
> > IM: bramkie@hotmail.com
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Be better than the best"
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~

--
Andrew Hay
blog: https://www.andrewhay.ca
email: andrewsmhay || at || gmail.com
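Ramki's actual requirement in the thread is an off-line tool that imports NIPS and CSA (HIPS) logs, summarizes them, and correlates them the way OSSIM's or MARS's engine would. The script below is an added example written for this page; it is not code from the thread, from OSSIM, or from Cisco. The log lines are constructed, and their `sensor KIND key=value` layout is an assumption for illustration, not the documented Cisco IPS or CSA syslog format. It parses the lines, builds the per-signature and per-source counts a report would show, and applies two correlation rules: a source that trips several distinct network signatures, and a network alert followed shortly by a host-side deny on the targeted machine.

```python
"""Offline summary and correlation of NIPS / HIPS alert logs (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real Cisco output. Field layout is assumed:
# "<syslog ts> <sensor> <NIPS|HIPS> key=value ...". One malformed line is
# included so the parser's skip path is exercised.
SAMPLE_LOG = """\
Jan 21 10:15:02 ips01 NIPS sig_id=2004 sig_name="ICMP Echo Request" src=10.1.1.5 dst=10.2.2.9 risk=25
Jan 21 10:15:07 ips01 NIPS sig_id=3030 sig_name="TCP SYN Host Sweep" src=10.1.1.5 dst=10.2.2.9 risk=65
Jan 21 10:16:40 ips01 NIPS sig_id=5081 sig_name="WWW WinNT cmd.exe Access" src=10.1.1.5 dst=10.2.2.9 risk=85
Jan 21 10:16:41 host9 HIPS rule_id=142 event="Process started: cmd.exe by w3wp.exe" host=10.2.2.9 action=deny
Jan 21 10:20:13 ips01 NIPS sig_id=2004 sig_name="ICMP Echo Request" src=10.3.3.3 dst=10.2.2.7 risk=25
Jan 21 10:21:00 host7 HIPS rule_id=9 event="USB device inserted" host=10.2.2.7 action=allow
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<sensor>\S+) '
    r'(?P<kind>NIPS|HIPS) (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # quoted values may contain spaces


def parse_line(line, year=2007):
    """Return an event dict, or None for a line that does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
    # syslog timestamps carry no year; the caller supplies it (2007 = the thread's date)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "sensor": m["sensor"], "kind": m["kind"], **fields}


def load_events(text, year=2007):
    events = (parse_line(l, year) for l in text.splitlines() if l.strip())
    return [e for e in events if e is not None]


def summarize(events):
    """The counts a reporting front end would show: per signature, per source, per kind."""
    by_sig = Counter(e.get("sig_name") for e in events if e["kind"] == "NIPS")
    by_src = Counter(e.get("src") for e in events if e["kind"] == "NIPS")
    by_kind = Counter(e["kind"] for e in events)
    return {"by_sig": by_sig, "by_src": by_src, "by_kind": by_kind}


def correlate(events, window=timedelta(seconds=60), min_sigs=3):
    """Two simple rules of the kind a SIEM correlation engine applies.

    1. one source tripping >= min_sigs distinct NIPS signatures (recon-to-exploit chain)
    2. a NIPS alert followed within `window` by a HIPS deny on the targeted host,
       i.e. the network alert is confirmed by the host agent
    """
    findings = []
    sigs_per_src = defaultdict(set)
    for e in events:
        if e["kind"] == "NIPS":
            sigs_per_src[e["src"]].add(e["sig_id"])
    for src, sigs in sigs_per_src.items():
        if len(sigs) >= min_sigs:
            findings.append({"rule": "multi-signature source", "src": src,
                             "sig_ids": sorted(sigs)})

    hips_denies = [e for e in events if e["kind"] == "HIPS" and e.get("action") == "deny"]
    for n in (e for e in events if e["kind"] == "NIPS"):
        for h in hips_denies:
            if h["host"] == n["dst"] and n["ts"] <= h["ts"] <= n["ts"] + window:
                findings.append({"rule": "network alert confirmed on host", "src": n["src"],
                                 "host": h["host"], "sig_id": n["sig_id"],
                                 "hips_rule": h["rule_id"]})
    return findings


def report(events, findings, top=5):
    """Plain-text report; the aggregation, not the layout, is the point."""
    s = summarize(events)
    lines = [f"Events parsed: {len(events)} ({dict(s['by_kind'])})", "Top NIPS signatures:"]
    lines += [f"  {n:4d}  {sig}" for sig, n in s["by_sig"].most_common(top)]
    lines.append("Top sources:")
    lines += [f"  {n:4d}  {src}" for src, n in s["by_src"].most_common(top)]
    lines.append(f"Correlated findings: {len(findings)}")
    lines += ["  " + ", ".join(f"{k}={v}" for k, v in f.items()) for f in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    evs = load_events(SAMPLE_LOG)
    print(report(evs, correlate(evs)))
```

Run against the constructed sample, the report counts four NIPS and two HIPS events, ranks "ICMP Echo Request" first, and raises two findings: 10.1.1.5 hit three distinct signatures, and its cmd.exe-access alert against 10.2.2.9 was followed one second later by the host agent denying cmd.exe on that machine. The allow on 10.2.2.7 is deliberately not correlated, since only denies are treated as confirmation. Replace `SAMPLE_LOG` with a file read and adjust the two regexes to the real export format of the sensor in use.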
