
Re: [FW-1] Nokia and log manipulation



you might want to check us out....

www.guarded.net

This software analyzes logs from FW-1, plus your IDS, router, host, etc.
and correlates them to determine threat levels. Next release includes
correlation with vulnerability from Nessus. Great security operations
platform for centrally monitoring and responding to threats the fastest
with complete information.  Lots of flexibility in terms of filtering
events and assigning priority levels to important hosts on the network.
Also does not require deploying agents. Allows one person to easily do
the monitoring and analysis work of three or more.

Chris

-----Original Message-----
From: Wesley C. Maness [mailto:[email protected]]
Sent: Wednesday, October 31, 2001 12:01 PM
To: [email protected]
Subject: Re: [FW-1] Nokia and log manipulation


I have used Snort via Razorback.  And it does not correlate the data
that would be needed for attack patterns.  Something that has a
capability to recreate attack patterns to determine what was
compromised. Snort doesn't do this yet, unless I can configure it to do
that for me.  I checked out E-Security as well... nope, they don't have
this full feature either.

I'll take a look at WebTrends...

Thanks for your hint...!!!

Mailing list for discussion of Firewall-1
<[email protected]> wrote:

Personally I would stick with Webtrends to analyse the firewall logs.
If you are looking to detect attack sequences however, there is no easy
way...you need an IDS....you can try a freeware like SNORT which has
amazing capabilities.

  -----Original Message-----
  From: Nick Ellenden [mailto:[email protected]]
  Sent: Wednesday, October 31, 2001 10:26 PM
  To: [email protected]
  Subject: Re: [FW-1] Nokia and log manipulation

  Hi,

  I don't work for OpenService (which is OPSEC compliant), but to toot
  their horn a little, you can configure the filter rules in OpenService
  to parse the data as you wish; this could then be used to re-create
  such paths, although most reasonable attackers will spoof or otherwise
  obscure their own trail. You might also want to check out e-Security
  Inc products, they may have evolved a processing approach as well now.


  Bestest,

  nick

    -----Original Message-----
    From: Mailing list for discussion of Firewall-1
    [mailto:[email protected]]On Behalf Of Wesley Maness
    Sent: 01 November 2001 04:43
    To: [email protected]
    Subject: Re: [FW-1] Nokia and log manipulation

    To All:

    Can anyone suggest a product (working in cahoots with FW-1 and
    others, either via OPSEC or other means) that can parse large
    amounts of logs (fw logs) and recreate attack sequences (their
    paths) etc.?

    Thanks...

      -----Original Message-----
      From: Mailing list for discussion of Firewall-1
      [mailto:[email protected]]On Behalf Of Nick Ellenden
      Sent: Wednesday, October 31, 2001 3:34 AM
      To: [email protected]
      Subject: Re: [FW-1] Nokia and log manipulation

      Hi,

      You might want to check out OpenService, they also make an agent
      server system which also works on Solaris and Windows for FW1, it
      can also parse and process the system logs as well.


      Bestest,

      nick

        -----Original Message-----
        From: Mailing list for discussion of Firewall-1
        [mailto:[email protected]]On Behalf Of Tim Holman
        Sent: 30 October 2001 22:05
        To: [email protected]
        Subject: Re: [FW-1] Nokia and log manipulation

        Webtrends?

          -----Original Message-----
          From: Mailing list for discussion of Firewall-1
          [mailto:[email protected]]On Behalf Of Sam Denton
          Sent: 23 October 2001 10:21
          To: [email protected]
          Subject: [FW-1] Nokia and log manipulation

          Is there any way to manipulate log file data on the
          Nokia Platform (IP330 running FW-1 4.1 SP4)?

          Thanks

          Sam

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.