[Intrusions] Looking for good correlation software.
DAN MORRILL
dan_20407 at msn.com
Thu Sep 2 11:49:03 GMT 2004
Depends on if you have money.
For a depo you can use ELM (Event Log Manager) which takes input from just
about anything and has agents for Windows boxes. It runs about 50 dollars a
seat and the console/db part I don't remember the price.
You can use any of the larger commercial products, Intellitactics NSM is
really cool and does the same thing.
I don't know of any freeware, but there was a project out on sourceforge
about a year ago. I don't know what the status is. Start there and wander
around, there are alternatives.
r
Dan
>From: Hensinger Aaron D Contr MCOM <aaron.hensinger at schriever.af.mil>
>Reply-To: "Intrusions List (GCIA Practicals)" <intrusions at lists.sans.org>
>To: "'intrusions at lists.sans.org'" <intrusions at lists.sans.org>
>Subject: [Intrusions] Looking for good correlation software.
>Date: Wed, 1 Sep 2004 08:47:41 -0600
>
>I was wondering if anyone knew of any good correlation software that would
>pull the data from *NIX and Windows machines and filter/sort the data with
>the SNORT alerts.
>
>Thanks in advance for any information or help...
>
>Aaron
>
>_______________________________________________
>Intrusions mailing list
>Intrusions at lists.sans.org
>http://www.dshield.org/mailman/listinfo/intrusions