On Tue, Mar 12, 2002 at 02:34:51PM +0100, Alexandre Dulaunoy wrote:
> Dear All,
>
> We have look around http://www.counterpane.com/sentry.html. And we some
> question of how it is working ?
[snip]
> Is there some user of the sentry software/appliance (or maybe Tina?)
> in this list? Any feedback ?

I suspect that Tina would rather others respond so that it doesn't seem like she was abusing her role as moderator to spam the group with marketing. Since I know something about the Sentry as well (I worked for Counterpane very briefly about a year ago), I'll throw in my two cents. (Insert disclaimers about opinions being mine and nobody else's, etc., etc.)

> - If we clearly understand this is only network monitoring sniffing ?

At least when I was there, there was no sniffing going on; the sentry was essentially a log aggregator that gathered information from servers, network devices, IDSes, etc., parsed them and did some intelligent preprocessing, and then passed the relevant log entries on to the Counterpane SOC (via an encrypted channel) for further analysis by humans and other software. That conflicts with what it says at:

> (check out Question 7 : http://www.counterpane.com/questions.html)

, however, now that I look at that link: "Counterpane's business model works because network monitoring is fundamentally better than device monitoring" _does_ imply pretty strongly that they don't gather data from routers, switches, servers, etc. Either that piece of marketing was written by someone who is using "device monitoring" to mean something different (I do notice that earlier in the same section they use the phrase "device monitoring/ management", so perhaps they are just trying to emphasize that they only monitor things--they aren't like some companies whose business model was to actually go in and manage devices as part of their security services), or things have changed greatly.

> - How the device handles encrypted connection (like SSL/TLS, SSH...) ?
> - Maybe you can store private key on the sentry box ? (maybe quite dangerous

I'm not sure I understand these questions; could you clarify them?

> - So with this type of system where can you get the system log for
> example ? (Event log and audit log from WIN32 ? Specific application
> log ?)

Again, as of last year, all of this info would be redirected to the sentries just like syslog info would be.

> - Another question : Is it possible to get the software of sentry ?
> Or having a technical overview of the software ?

There's a whole lot of proprietary stuff on those boxes that I don't think they'd want to give away to competitors. :) I'm sure if you had specific questions, though, their sales folks could get you the appropriate info.

-- Sweth.

--
Sweth Chandramouli ; <svcat_private>
President, Idiopathic Systems Consulting