Apparently we did a poor job of presenting our solution at SANS! However, I must correct a few mistakes made by Eric Hines:

- VigilEnt Log Analyzer supports the following systems today: Windows NT/2000/XP, Solaris, AIX, HP-UX, Tru64, FreeBSD, SuSE Linux, Red Hat Linux, OS/400, Linux on iSeries, FireWall-1, Cisco PIX, Cisco IDS, ISS RealSecure Network Sensor, snort, and Cisco routers (IOS).
- Almost all of these agents are written natively for those platforms and are not simply SNMP listeners or syslog services like many of the products on the market. VigilEnt Log Analyzer only gets events from PIX, RealSecure, snort and Cisco routers via SNMP or syslog, all the other agents read the log files directly or use APIs (e.g., OPSEC for FireWall-1, Cisco POP for Cisco IDS).
- While VigilEnt Log Analyzer is in its early release (1.2 is being released next month), the total solution has gone through years of maturity. The Agents are in their 3rd release (4.0 later this year) and also provide vulnerability and configuration management, user administration, intrusion detection and other capabilities. Our most mature VigilEnt product, VigilEnt Security Manager, was introduced in 1998, along with our AS/400, Windows and Unix Agents.
- The agents communicate log data in IDMEF (intrusion detection message exchange format), which is based on XML. IDMEF is an industry standard (do a search in the IETF web site), not a NetIQ protocol. While based on XML, we do not require ANY XML writing.
- Perhaps the confusion comes from our Universal Adapter, which will enable third parties in the future to write their own adapters. It uses a configuration file that is XML tagged.
- Our brochures have very little small print. :-)

The product essentially provides a data warehouse for logs and security events. Based on that warehouse, it provides trend analysis, over 80 drill-down summary reports and forensic queries (parameter driven queries).
It is designed for and has been implemented in large enterprises. It solves customers' requirements for log archiving and consolidation, periodic log reviews, and quick investigations of log files.

I do not believe in using forums for advertising and would not have responded to the forum if inaccuracies were not posted by a competitor (Eric is a founder of AppliedWatch).

Brian, if you (or anyone else) would like more information, don't hesitate to contact me.

Todd E. Tucker, CISSP, CISA, CPA
Product Marketing Manager
NetIQ Corporation
Business: (713) 418-5260
Toll Free: (888) 400-2834 x85260
Fax: (928) 396-7174
mailto:todd.tuckerat_private
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8CEEF2A
PGP Fingerprint: 136D 7089 F9AC 5530 CD0D 3B27 9FCA 4739 D8CE EF2A
http://www.netiq.com

-----Original Message-----
From: Jason Wake [mailto:jason_wakeat_private]
Sent: Saturday, March 29, 2003 3:09 PM
To: michaelfiminat_private; brian_anonat_private; loganalysisat_private; eric.hinesat_private
Subject: RE: [logs] NetIQ Vigilant Log Analyzer?

Brian, also take a look at Addamark - www.addamark.com - they claim massive scalability, compressed storage, and support for any log source.

Jason

>From: "Michael Fimin" <michaelfiminat_private>
>Reply-To: "Michael Fimin" <michaelfiminat_private>
>To: brian_anonat_private,
>loganalysisat_private,eric.hinesat_private
>Subject: RE: [logs] NetIQ Vigilant Log Analyzer?
>Date: Sat, 29 Mar 2003 11:26:04 +0300
>
>I would also suggest you another NetIQ's competitor:
>Aelita Software (http://www.aelita.com) - namely their InTrust product
>(http://www.aelita.com/products/InTrust.htm). This product is more scalable
>than others.
>
>
>-----Original Message-----
>From: Eric Hines [mailto:eric.hinesat_private]
>Sent: Friday, March 28, 2003 5:59 PM
>To: 'Brian Anon'; loganalysisat_private
>Subject: RE: [logs] NetIQ Vigilant Log Analyzer?
>
>Brian:
>
>Bad, bad idea.. Take this with a grain of salt as it's just my opinion,
>but they presented their product at SANS 2003 and was very unhappy and
>not impressed at all. The only thing I came away from that with was
>satisfaction over the free lunch. The product lacks a great deal of
>support for third party products (currently only supports 2-3 as I
>recall). You will need to hire an XML programmer or learn the language
>yourself to write the support agents required for Vigilant to work. The
>product seemed to have a great deal of maturity to go through. We kept
>asking if they supported the things in their brochure they listed and
>mentioned that in small print, it did state that XML agents would need
>to be written by the customer for that particular support. It was our
>opinion after seeing all the deficiencies that they launched their
>marketing campaign a bit prematurely. Their competition is just too far
>ahead. Check out:
>
>eSecurity, Inc (http://www.esecurityinc.com)
>And
>NetForensics (http://www.netforensics.com)
>
>
>There are so many commercial solutions out there that offer you far
>more for your money, I'd wait much longer for Vigilant to mature.
>
>.1 cent
>Eric Hines
>
>
>-----Original Message-----
>From: loganalysis-adminat_private
>[mailto:loganalysis-adminat_private] On Behalf Of Brian Anon
>Sent: Friday, March 28, 2003 8:09 AM
>To: loganalysisat_private
>Subject: [logs] NetIQ Vigilant Log Analyzer?
>
>
>Anyone here have experience with NetIQ's Vigilant Log Analyzer?
>
>I'm thinking about using this product to centralize audit logs and
>report on events. I'd appreciate any feedback from others who have
>used this before.
>
>Brian
>
>_______________________________________________
>LogAnalysis mailing list
>LogAnalysisat_private
>http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Mar 31 2003 - 15:05:52 PST