[Dshield] SEIM Tool recommendation

Scott opiesan at gmail.com
Fri Feb 1 19:42:19 GMT 2008


We went through a similar RFP at my last job. Unlike Paul, my
experience with ArcSight hasn't been that great, and by group consensus
they didn't make it into the final evaluation stage of our RFP. We
ended up reviewing Intellitactics and two others in the lab but went
with Intellitactics after all was said and done. Unfortunately, I left
the company before they installed the SIEM, so I can't speak to firsthand
knowledge of using it, but it was good in the lab tests we did.

We did use ArcSight exclusively at the job before last. The Oracle DB
was very touchy if any events came in out of the acceptable format, and
it required us to have a full-time Oracle DBA on staff to keep it
happy. Other than that, it's like most any SIEM tool: a beast to get
initially configured but powerful once you get there.

Scott

On Jan 31, 2008 11:31 PM, Basiru Ndow <bndow at ndowtech.com> wrote:
> My company is doing an RFP for a SEIM tool. Any recommendation will be
> highly appreciated .. ARCSIGHT, RSA, Symantec...etc.
>
> Regards
>
> Bass