Security Basics mailing list archives

RE: SIM Suggestions


From: "Lafosse, Ricardo" <rlafosse () sfwmd gov>
Date: Tue, 29 Jul 2008 11:39:39 -0400

First of all, thank you all for your quick replies. I knew this was
going to be overwhelming. 
Daniel,
Our primary goals include:
1. Real-time alerting/correlation from UNIX/Linux/Windows/Multiple Cisco
devices/Multiple databases/Snort logs
2. Active Directory User Tracking (Identity Management)
3. Asset Tracking
4. Incident Response Tracking System
5. Vulnerability Scans (either its own or inputs from Nessus)

Thanks,

Ricardo
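
Goal 1 on the list above, real-time correlation across Snort, Cisco and Windows sources, is what a SIM is usually bought for, and the mechanism is easiest to judge once it has been seen done by hand. The following is an added example for this archive page, not code from any poster in the thread or from any product named in it. It assumes three simplified, hypothetical line formats (an approximation of a Snort syslog alert, a Cisco ASA 106023 deny, and a flattened Windows 4625 logon failure), a constructed set of sample lines, and the year 2008 for the syslog timestamps, which carry none. Events from every source are normalised to one shape and an IP is flagged when two or more distinct sources report it inside a sliding time window.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# One normalised event regardless of which source produced it.
Event = namedtuple("Event", "ts source src_ip detail")

# BSD syslog timestamps carry no year; the sample is dated from the thread (assumption).
ASSUMED_YEAR = 2008

# Hypothetical, simplified line formats: close to, but not vendor-exact,
# Snort syslog alerts, Cisco ASA 106023 denies and a flattened Windows 4625.
SNORT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ snort\[\d+\]: \[[\d:]+\] (?P<msg>.+?) "
    r"\[Classification: .*?\] \[Priority: \d\] \{\w+\} (?P<src>[\d.]+):\d+ -> [\d.]+:\d+$"
)
ASA_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ %ASA-\d-106023: Deny \w+ src \w+:(?P<src>[\d.]+)/\d+ "
    r'dst \w+:(?P<dst>[\d.]+)/\d+ by access-group "(?P<acl>[^"]+)"'
)
WIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d [\d:]+) \S+ EventID=4625 Account=(?P<acct>\S+) SourceIP=(?P<src>[\d.]+)$"
)


def _syslog_ts(text):
    return datetime.strptime(f"{ASSUMED_YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse_line(line):
    """Normalise one raw line to an Event; None if it matches no known format."""
    m = SNORT_RE.match(line)
    if m:
        return Event(_syslog_ts(m["ts"]), "snort", m["src"], m["msg"])
    m = ASA_RE.match(line)
    if m:
        return Event(_syslog_ts(m["ts"]), "cisco-asa", m["src"],
                     f"deny to {m['dst']} by {m['acl']}")
    m = WIN_RE.match(line)
    if m:
        return Event(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), "windows",
                     m["src"], f"4625 logon failure for {m['acct']}")
    return None  # unknown formats are dropped, never guessed at


def correlate(lines, window_seconds=300, min_sources=2):
    """Group events by source IP and flag an IP when at least `min_sources`
    distinct log sources report it inside a sliding window of `window_seconds`.
    Returns {src_ip: [Event, ...]} holding the first qualifying cluster per IP."""
    window = timedelta(seconds=window_seconds)
    by_ip = {}
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            by_ip.setdefault(ev.src_ip, []).append(ev)

    hits = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e.ts)
        for i, start in enumerate(events):
            cluster = [e for e in events[i:] if e.ts - start.ts <= window]
            if len({e.source for e in cluster}) >= min_sources:
                hits[ip] = cluster
                break
    return hits


# Constructed sample input, not captured from any real system.
SAMPLE_LINES = [
    "Jul 29 10:31:02 ids01 snort[1234]: [1:2003068:6] ET SCAN Potential SSH Scan "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.1.2.3:51234 -> 10.0.0.5:22",
    'Jul 29 10:31:05 fw01 %ASA-4-106023: Deny tcp src outside:10.1.2.3/51240 '
    'dst inside:10.0.0.5/22 by access-group "outside_in"',
    "2008-07-29 10:33:40 dc01 EventID=4625 Account=jdoe SourceIP=10.1.2.3",
    # Second IP: two sources, but six minutes apart, so outside a 5-minute window.
    'Jul 29 10:40:00 fw01 %ASA-4-106023: Deny udp src outside:192.0.2.9/5353 '
    'dst inside:10.0.0.20/5353 by access-group "outside_in"',
    "Jul 29 10:46:00 ids01 snort[1234]: [1:2003068:6] ET SCAN Potential SSH Scan "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.9:4000 -> 10.0.0.5:22",
    # Unrelated line in a format the parser does not know; it is skipped.
    "Jul 29 10:45:01 app01 sshd[22]: Accepted publickey for ops from 10.0.0.7 port 40000 ssh2",
]

if __name__ == "__main__":
    for ip, cluster in correlate(SAMPLE_LINES).items():
        print(f"ALERT {ip}: seen by {sorted({e.source for e in cluster})}")
        for e in cluster:
            print(f"  {e.ts:%H:%M:%S} {e.source:9} {e.detail}")
```

Run directly, it raises one alert for 10.1.2.3, reported by all three sources within three minutes, and stays quiet on 192.0.2.9, whose two sightings are six minutes apart; widening the window to twenty minutes flags both. Note what happens to the sshd line: anything the parsers do not recognise is silently dropped, so a product's coverage of the exact log formats on the list above (not just the vendors) decides how much correlation it can actually do.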

-----Original Message-----
From: Daniel I. Didier [mailto:ddidier () netsecureia com] 
Sent: Tuesday, July 29, 2008 11:20 AM
To: Lafosse, Ricardo; security-basics () securityfocus com
Subject: RE: SIM Suggestions

Ricardo,
I have a lot of experience with Cisco MARS and can tell you where it
will and won't be effective.  Do you have a set of primary goals that
you can share with us? -Dan

Sometimes a SIM isn't really what an organization needs (depending on
the requirements) and a log analyzer might be a better fit...  I can
expand once I see what your goals are.

http://www.NetSecureIA.com

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Lafosse, Ricardo
Sent: Tuesday, July 29, 2008 10:30 AM
To: security-basics () securityfocus com
Subject: SIM Suggestions

Hello all,

I know this is going to be a fully loaded answer; however, we are
interested in acquiring a SIM. Any good/bad experiences and/or
suggestions would be greatly appreciated. We are a medium-sized
organization.
Thanks,

Ricardo
