[Intrusions] Looking for good correlation software.

Altheide, Cory B. (IARC) AltheideC at nv.doe.gov
Thu Sep 2 17:27:34 GMT 2004


As far as commercial products go, the big two are netForensics and ArcSight.
The NNSA IARC evaluated several products and chose netForensics.

On the Open Source side, there is Open Source Information Security
Management - www.ossim.net (apparently down) &
sourceforge.net/projects/os-sim/ - and Prelude Hybrid IDS -
www.prelude-ids.org.  Prelude looks to be far more advanced and actually
useable.

Cory Altheide
Senior Network Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec at nv.doe.gov

> -----Original Message-----
> From: intrusions-bounces at lists.sans.org 
> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of 
> Hensinger Aaron D Contr MCOM
> Sent: Wednesday, September 01, 2004 7:48 AM
> To: 'intrusions at lists.sans.org'
> Subject: [Intrusions] Looking for good correlation software.
> 
> 
> I was wondering if anyone knew of any good correlation 
> software that would pull the data from *NIX and Windows 
> machines and filter/sort the data with the SNORT alerts.
> 
> Thanks in advance for any information or help...
> 
> Aaron



