Intrusion Detection Systems
mailing list archives
Re: Tripwire or alternative
From: rgula () network-defense com (Ron Gula)
Date: Tue, 18 Jul 2000 08:03:45 -0400
We're currently running the educational version of tripwire... no one is
really administering it and the reports are just being ignored. As I see
it, the shortfall of this free version is the inability to centralize the
databases/reports and the granularity/control of the reports. From what I
saw it's quite cryptic as well. My company's a non-profit and qualifies for
tripwire's commercial product with a discount. We're considering going to
it, but want to see if there are viable alternatives. Has anyone put
together something that can be used with the existing freeware version of
tripwire as far as centralizing information and creating reports? Are there
any other free or commercial products that may be better/easier? How does
Flight Recorder fit into the scheme of things? Obviously these are pretty
green questions, but we had to get attacked for someone to get off their
duffs and now they want to know everything yesterday. At least the
checkbooks are coming out :-)
Any direction would be greatly appreciated.
Hi Roy,
Dragon Squire is very close to shipping. It provides file integrity checking
and signature analysis of log files such as /var/log/messages or the
access_log file. It has a very small footprint. Management of multiple Dragon
Squires occurs through the same interface as with the Dragon Sensor. This means
that all management and alert correlation occurs through a web interface. This
is also the mechanism we are using to correlate firewall logs with Dragon
data.
I'm tempted to send another 4-5 pages of marketing stuff for NSW, but feel
free to visit the web page at http://www.securitywizards.com ;)
Ron Gula
410-381-2101
Network Security Wizards