IDS mailing list archives
RE: ISS Siteprotector as syslog server?
From: "Brito, Nelson (ISS Brazil)" <NBrito () iss net>
Date: Thu, 25 Nov 2004 13:34:28 -0500
Sorry, but, AFAIK, the Third Party Adapter, instead of TPM (the TPM is just to collect events from PIX and FW-NG), can
get the SYSLOGD events and send them to RSSP.
In fact, you can do it using a simple "User Defined Events" under "Syslog and Text Events" on the "OS Events" tab (sensor
policy). You can set a syslog or a text log entry.
And those entries can be used for correlation, but be aware that we have more than one type of correlation; this one is
just to put together the security events and make the search and tracing of a security event easier.
Rgds.
- nb
{(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!^.*\\!!)}print$0;
-----Original Message-----
From: Leandro Reox [mailto:lmet5on () fibertel com ar]
Sent: Monday, November 22, 2004 4:17 AM
To: 'Bowes, Ronald (EST)'; focus-ids () securityfocus com; 'Leandro Reox (Fibertel)'
Subject: RE: ISS Siteprotector as syslog server?
Ron:
The first option, depending on which suite you want to put to work together, is an SP add-on called "Third
Party Module", which lets you add other techs to the SP, with big limitations. At this moment we're trying to fuse
CISCO IDS with SP, and it's kinda bogus.
-----Original Message-----
From: Bowes, Ronald (EST) [mailto:RBowes () gov mb ca]
Sent: Thursday, November 18, 2004 12:09 p.m.
To: 'focus-ids () securityfocus com'
Subject: ISS Siteprotector as syslog server?
We're trying to get several different systems (ips and ids) to work together, as we're evaluating ips products made by
various vendors.
The ips appliances we're using can export their data to a syslog server, and it would be nice if we could import the
syslog data into ISS SiteProtector. Has anybody tried to do that before?
Thanks,
Ron Bowes
------------------------------------------------------------------------
--
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 15/11/2004
Current thread:
- ISS Siteprotector as syslog server? Bowes, Ronald (EST) (Nov 19)
- Re: ISS Siteprotector as syslog server? Andres Riancho (Nov 22)
- RE: ISS Siteprotector as syslog server? Rob Shein (Nov 22)
- RE: ISS Siteprotector as syslog server? Eric Hines (Nov 22)
- Re: ISS Siteprotector as syslog server? David Maynor (Nov 24)
- RE: ISS Siteprotector as syslog server? Eric Hines (Nov 22)
- RE: ISS Siteprotector as syslog server? Leandro Reox (Nov 22)
- <Possible follow-ups>
- RE: ISS Siteprotector as syslog server? PPowenski (Nov 23)
- RE: ISS Siteprotector as syslog server? Brito, Nelson (ISS Brazil) (Nov 29)
