Bruno, you have discovered one of the challenges with security information management... it tends to be focused on security devices and applications (firewalls, IDS, VA, etc.). To make sense of the data from these systems, and to correlate events across different sources, many products are optimized for data where there's always an IP address, a port, etc. The problem you've highlighted is that you also want to audit/monitor internal applications like SAP and HR systems. These systems don't log events the way a firewall does. Also, while there are a relatively low number of firewall devices, for example, making it easy to support and analyze messages from all/most of them, there are almost limitless internal applications (and associated log formats that don't fit neatly into a security schema).

In order to monitor all the types of systems you describe, look for a solution that can accept non-security sources, store the data in their native schema/context (i.e., not normalized), and allow you to query the data any way you want to. Oh, and you probably want to keep a decent amount of history online for forensics and investigations.

I invite you to visit SenSage - http://www.sensage.com (disclaimer: I work there). Our solution will accept and report on all the types of systems you have.

Best,
Dan

Dan Barahona
Director, Business Development
SenSage, Inc.
415.808.5911
dan.barahona@private

> Thanks Keith, but MARS doesn't analyse Database and ERP security events.
> MARS is very good for infrastructure/security devices (network security).
> Bruno.
>
> ---------- Start of original message -----------
> From: "Keith" kpasley6@private
> To: "Bruno Moraes" bdmoraes@private, "loganalysis" loganalysis@private
> Cc:
> Date: Tue, 11 Apr 2006 14:21:58 -0400
> Subject: RE: [logs] Security Management Tool
>> There are several on the market today. Cisco Monitoring Analysis
>> Reporting System, for example, does what you state plus it can mitigate
>> ongoing attacks, too.
>> http://www.cisco.com/en/US/products/ps6241/index.html
>>
>> Keith
>>
>> -----Original Message-----
>> From: loganalysis-bounces+kpasley6=comcast.net@private
>> [mailto:loganalysis-bounces+kpasley6=comcast.net@private] On Behalf
>> Of Bruno Moraes
>> Sent: Wednesday, April 05, 2006 4:11 PM
>> To: loganalysis
>> Subject: [logs] Security Management Tool
>>
>> Hello All,
>>
>> Good Afternoon! I need a tool that manages security events in several
>> environments, such as network devices (FW, IDS, Routers, Switches),
>> operating systems (Unix, Linux, W2003) and Corporate Systems (SAP, HR
>> Systems, etc.) .. this in one box.
>>
>> Does anyone know any tool to receive, correlate and respond to security
>> information gathered in these environments (all-in-one)??
>>
>> Thanks in advance.
>>
>> Bruno
>>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
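An added illustration of the point made in the reply above (keep each source's log in its native schema with a minimal common envelope, then query across sources ad hoc). This is example code written for this archive page, not SenSage's, Cisco's or anyone's product code; the two log lines, field names and the year filled into the syslog timestamp are constructed.

```python
import re
from datetime import datetime

# Constructed sample events: a firewall syslog line and an SAP-style audit record.
FIREWALL_LINE = "Apr 11 14:21:58 fw1 kernel: DENY src=10.1.2.3 dst=192.168.5.7 proto=TCP dport=1433"
SAP_LINE = "20060411|142200|BUI|AU1|jsmith|SE16|Logon successful"


# Each parser keeps the source's own fields (its native schema) and adds only a
# small envelope: source type, a timestamp, and the raw line kept for forensics.
def parse_firewall(line):
    m = re.match(r"(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) kernel: (\w+) (.*)", line)
    # syslog lines carry no year; 2006 is assumed here for the constructed sample
    ts = datetime.strptime("2006 " + m.group(1), "%Y %b %d %H:%M:%S")
    fields = dict(kv.split("=", 1) for kv in m.group(4).split())
    return {"source": "firewall", "ts": ts, "host": m.group(2),
            "action": m.group(3), "raw": line, **fields}


def parse_sap_audit(line):
    # hypothetical pipe-delimited audit layout: date|time|client|event id|user|tcode|text
    date, time, client, event_id, user, tcode, text = line.split("|")
    ts = datetime.strptime(date + time, "%Y%m%d%H%M%S")
    return {"source": "sap_audit", "ts": ts, "client": client, "event_id": event_id,
            "user": user, "tcode": tcode, "text": text, "raw": line}


def ingest():
    """Load both sources into one store without forcing a shared (IP/port) schema."""
    return [parse_firewall(FIREWALL_LINE), parse_sap_audit(SAP_LINE)]


def query(events, **criteria):
    """Ad-hoc query: an event matches if it has every requested field with that value.
    Events lacking a field (firewall events have no 'user') simply do not match."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def events_near(events, when, minutes=5):
    """Cross-source time window: everything logged around a moment, whatever its schema."""
    return [e for e in events if abs((e["ts"] - when).total_seconds()) <= minutes * 60]
```

The SAP logon and the firewall deny share no field but a timestamp, so the time-window query is what ties them together during an investigation.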
This archive was generated by hypermail 2.1.3 : Wed Apr 12 2006 - 10:45:21 PDT