Dear Guys,

suppose that I need to create a SOC for monitoring purposes (like Counterpane does) that should be able to manage incidents and alerts coming from "A LOT" of different devices, applications, operating systems and blah blah blah.

Suppose that I have in mind "how to do that" from the procedural point of view but not perfectly from the "technological" point of view.

I'm going to evaluate different software for doing these things, and what I need is a solution that guarantees me at least the following features:

- High availability of every component
- Correlation of events between different devices
- Ability to respond to events with many actions (SNMP trap, mail, SMS, killing the operator with a gun ;P)
- Extendable agent (for integrating custom applications)
- Ability to be a distributed, scalable infrastructure (at least to monitor 5000+ devices)

I know the netForensics products, but I have some doubts regarding the possibility of customizing it very heavily for my needs. There is an agent called "Universal Agent" that allows me to write my own rules for my own applications, but I cannot modify the rest of the infrastructure.

I think that there are a lot of other software packages doing similar things, and I would like to know the opinion of the list regarding the possibility of implementing new features and customizing the security monitoring software that is available on the market (Tivoli Somethings, etc., etc.) :)

Bye :)

--
Fabio Pietrosanti (naif)
E-mail: naifat_private - naifat_private
PGP Key (DSS) http://naif.itapac.net/naif.asc
--
"Hacking is the future of security research" R.Power, CSI
Free advertising: www.openbsd.org Multiplatform Ultra-secure OS

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
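The two requirements in the list above that are hardest to evaluate from a data sheet are cross-device event correlation and pluggable response actions. Below is an added example, not part of the original post and not the code of netForensics, Tivoli or any other product named here, of the smallest engine that demonstrates both: per-source normalizers (the "extendable agent" role), a sliding-window rule that fires only when one source IP shows activity across several distinct device types, and a list of actions that are plain callables (a real deployment would plug in SNMP trap, mail and SMS senders there). The log formats, host names, IP addresses and the Event shape are constructed for illustration; it also assumes events can be sorted by timestamp, which in practice means the collectors must have synchronized clocks.

```python
"""Added example: cross-device correlation with pluggable actions.
Everything here (log formats, hosts, IPs, Event shape) is constructed;
it is not the API of any product mentioned on the page."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re


@dataclass(frozen=True)
class Event:
    ts: datetime
    device: str   # normalized device class, e.g. "firewall", "unix-host"
    src_ip: str
    kind: str     # normalized event kind, e.g. "deny", "auth_failure"


# --- Normalizers: one per log source (the "extendable agent" role) -------
# Constructed syslog-like formats; each real device class needs its own.
_FW_RE = re.compile(r"^(\S+) fw01 DENY src=(\S+) dst=\S+ dport=\d+$")
_SSH_RE = re.compile(r"^(\S+) srv01 sshd\[\d+\]: Failed password for \S+ from (\S+) port \d+")
_WIN_RE = re.compile(r"^(\S+) dc01 EventID=4625 SourceIP=(\S+)$")


def parse_line(line):
    """Map one raw log line to a normalized Event, or None if unrecognized."""
    m = _FW_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m.group(1)), "firewall", m.group(2), "deny")
    m = _SSH_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m.group(1)), "unix-host", m.group(2), "auth_failure")
    m = _WIN_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m.group(1)), "windows-host", m.group(2), "auth_failure")
    return None


# --- Correlation rule -----------------------------------------------------
class CrossDeviceRule:
    """Fire once per src_ip when it produces >= threshold events spanning
    >= min_devices distinct device classes inside a sliding time window."""

    def __init__(self, window, threshold, min_devices, actions):
        self.window, self.threshold, self.min_devices = window, threshold, min_devices
        self.actions = actions              # callables taking an alert dict
        self._by_ip = defaultdict(deque)    # src_ip -> events inside the window
        self._fired = set()                 # simple per-IP suppression

    def feed(self, ev):
        q = self._by_ip[ev.src_ip]
        q.append(ev)
        while q and ev.ts - q[0].ts > self.window:   # expire old events
            q.popleft()
        devices = {e.device for e in q}
        if (len(q) >= self.threshold and len(devices) >= self.min_devices
                and ev.src_ip not in self._fired):
            self._fired.add(ev.src_ip)
            alert = {"src_ip": ev.src_ip, "events": len(q),
                     "devices": sorted(devices), "last_seen": ev.ts}
            for act in self.actions:        # SNMP trap, mail, SMS, ... go here
                act(alert)
            return alert
        return None


def make_recorder(sink):
    """Stand-in action: append the alert to a list instead of notifying."""
    return lambda alert: sink.append(alert)


# Constructed sample logs: 10.0.0.5 touches three device classes in a
# minute; 10.0.0.9 hammers only one host; one line is from an unknown source.
SAMPLE_LOGS = [
    "2002-07-17T09:00:00 fw01 DENY src=10.0.0.5 dst=192.168.1.10 dport=22",  # too old, falls out of window
    "2002-07-17T10:00:00 fw01 DENY src=10.0.0.5 dst=192.168.1.10 dport=23",
    "2002-07-17T10:00:20 srv01 sshd[4321]: Failed password for root from 10.0.0.5 port 50000 ssh2",
    "2002-07-17T10:00:25 srv01 sshd[4322]: Failed password for admin from 10.0.0.9 port 50001 ssh2",
    "2002-07-17T10:00:40 srv01 sshd[4323]: Failed password for root from 10.0.0.5 port 50002 ssh2",
    "2002-07-17T10:00:45 srv01 sshd[4324]: Failed password for admin from 10.0.0.9 port 50003 ssh2",
    "2002-07-17T10:00:50 srv01 sshd[4325]: Failed password for admin from 10.0.0.9 port 50004 ssh2",
    "2002-07-17T10:01:00 dc01 EventID=4625 SourceIP=10.0.0.5",
    "2002-07-17T10:01:05 some-other-device unknown format line",
]


def run(lines, window_seconds=120, threshold=4, min_devices=2):
    """Normalize, order by timestamp, correlate. Returns (alerts, unparsed)."""
    sink = []
    rule = CrossDeviceRule(timedelta(seconds=window_seconds), threshold,
                           min_devices, [make_recorder(sink)])
    events = [parse_line(l) for l in lines]
    unparsed = sum(1 for e in events if e is None)
    for ev in sorted((e for e in events if e is not None), key=lambda e: e.ts):
        rule.feed(ev)
    return sink, unparsed


if __name__ == "__main__":
    alerts, skipped = run(SAMPLE_LOGS)
    for a in alerts:
        print(a)
    print("unparsed lines:", skipped)
```

With the defaults only 10.0.0.5 raises an alert, because it alone crosses the firewall, the Unix host and the domain controller inside the two-minute window; 10.0.0.9 stays under the threshold and on a single device class, so a per-device-only view would treat the two sources identically. Unrecognized lines are counted rather than dropped silently, since a collector that quietly discards a new device's output is a monitoring gap, not noise.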
This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 08:53:49 PDT