List:       ids
Subject:    IDS: RE: RE: RE: IDS Central Consoles
From:       "Stephenson, Peter" <Peter.Stephenson () netigy ! com>
Date:       2001-01-20 11:47:22

Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
I believe that ITA uses its own proprietary approach.  First, it is, of
course, a log parser.  It then communicates to the console using a
proprietary format.  That, anyway, was my understanding the last time I used
it (about 6 months ago).

--P

____________________________________________
Peter Stephenson, CPE, PCE
Director of Technology, Global Security
Netigy Corporation
Phone:  +1-248-760-1152 - Fax:  +1-248-373-9130
PGP Public Key Available At:
http://certserver.pgp.com:11371/pks/lookup?op=get&search=peter.stephenson%40netigy.com
If you keep heading in the direction you've always headed, you'll end up
where you've always been.
http://www.netigy.com  Driving eBusiness PerformanceSM


> -----Original Message-----
> From: Mark Teicher [mailto:mark.teicher@networkice.com]
> Sent: Friday, January 19, 2001 10:58 AM
> To: Chad Harrington; Talisker
> Cc: ids@uow.edu.au
> Subject: IDS: RE: RE: IDS Central Consoles
> 
> 
> Isn't ITA SNMP based??
> 
> /m
> 
> -----Original Message-----
> From: owner-ids@uow.edu.au [mailto:owner-ids@uow.edu.au]On Behalf Of
> Chad Harrington
> Sent: Thursday, January 18, 2001 5:16 PM
> To: Talisker
> Cc: ids@uow.edu.au
> Subject: IDS: RE: IDS Central Consoles
> 
> 
> You will likely want to include the Intruder Alert console from Symantec
> (formerly Axent).
> 
> > Chad Harrington
> > Product Marketing Manager - Intruder Alert
> > Symantec Corporation
> > 796 E. Utah Valley Drive, Suite 200
> > American Fork, UT 84003
> > Tel: 801-227-3729
> > Fax: 801-227-3788
> > charrington@axent.com
> >
> >
> > -----Original Message-----
> > From:	Talisker [SMTP:Talisker@networkintrusion.co.uk]
> > Sent:	Monday, January 08, 2001 11:23 AM
> > To:	ids@uow.edu.au
> > Subject:	IDS: IDS Central Consoles
> >
> > Hi
> > Sorry to be a nuisance but I'm looking for some information, I've had an
> > increasing number of emails asking about central consoles for IDS. I am
> > building a separate page to list them all, the criteria as I see it is
> > (though I'm open to suggestions)
> >
> > They present information collected from remote IDS agents
> > and/or
> > They apply IDS signatures to input from other tools ie sniffers, routers,
> > firewalls etc
> > and/or
> > They accept input from other vendors tools at least one of which is an
> > IDS.
> >
> > I don't feel that tools which just centralize syslogs without adding any
> > analysis should be included.
> >
> > Examples of consoles: SHADOW, ACID, ICEcap, KSE, AFJ, Dragon Server,
> > RealSecure Manager
> >
> > I would also like to point out that I run the site as a service, it is
> > still unfunded and therefore unbiased and vendor independent.  If you can spare
> > any time/knowledge it would be greatly appreciated.
> >
> > I will also send this to the focus-ids list and my own security-tools
> > mailing list, please accept my apologies if you receive the same mail from
> > all 3
> >
> > Take Care
> > Andy
> > http://www.networkintrusion.co.uk
> > Talisker's Network Security Tools List
> >                     '''
> >                  (0 0)
> >   ----oOO----(_)----------
> >   | The geek shall        |
> >   |  Inherit the earth     |
> >   -----------------oOO----
> >                |__|__|
> >                   || ||
> >               ooO Ooo
> > talisker@networkintrusion.co.uk
> >
> > The opinions contained within this transmission are entirely my own, and do
> > not necessarily reflect those of my employer.
> >
> >
> >
> >
> >
> 
> 
