Log analysis and SIEM


Log analysis and SIEM

by NetExpress

Hi everyone,

I am looking for:
- a log analysis solution (for technicians)
- a SIEM (security information and event management) solution for
management and/or managers

I collect syslog events on a syslog-ng log server, so I already have a
collector of information.
Based on this base of events I would like to do real-time log analysis and
SIEM analysis, better if it is GPL-based.
Does anyone have experience with some product? And with how many computers?







RE: Log analysis and SIEM

by Steve Johnston-4

Tripwire has a really great new Log analysis / SIEM that has a really good
price. I would check it out.


-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of NetExpress
Sent: Monday, October 19, 2009 9:44 AM
To: security-basics@...
Subject: Log analysis and SIEM

Hi everyone,

I am looking for:
- a log analysis solution (for technicians)
- a SIEM (security information and event management) solution for
management and/or managers

I collect syslog events on a syslog-ng log server, so I already have a
collector of information.
Based on this base of events I would like to do real-time log analysis and
SIEM analysis, better if it is GPL-based.
Does anyone have experience with some product? And with how many computers?







RE: Log analysis and SIEM

by Tran Thanh Hai

OSSIM

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of NetExpress
Sent: Monday, October 19, 2009 9:44 PM
To: security-basics@...
Subject: Log analysis and SIEM

Hi everyone,

I am looking for:
- a log analysis solution (for technicians)
- a SIEM (security information and event management) solution for
management and/or managers

I collect syslog events on a syslog-ng log server, so I already have a
collector of information.
Based on this base of events I would like to do real-time log analysis and
SIEM analysis, better if it is GPL-based.
Does anyone have experience with some product? And with how many computers?







Re: Log analysis and SIEM

by Nikhil Wagholikar

Hi NetExpress,

One of the most popular SIEM/SIM solutions is OSSIM.

OSSIM (Open Source Security Information Management) is a collection of
tools designed to aid network administrators in computer security,
intrusion detection and prevention. The project's goal is to provide a
comprehensive collection of tools to grant an administrator a view of
all the security-related aspects of their system.

More Info: http://en.wikipedia.org/wiki/OSSIM
Official Website: http://www.ossim.net/

Something in-line with OSSIM is 'Prelude'.

Prelude is an "agentless", universal, "Security Information
Management" (SIM) system, released under the GPL license. Prelude
collects, normalizes, sorts, aggregates, correlates and reports all
security-related events independently of the product brand or license
giving rise to such events by normalizing them to a single format
called the "Intrusion Detection Message Exchange Format".

More Info: http://en.wikipedia.org/wiki/Prelude_Hybrid_IDS
Official Website: http://www.prelude-ids.com/en/welcome/index.html

Hope this helps.

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://iisecurity.in/courses/Training Calendar.html

2009/10/19 NetExpress <netexpress@...>:

> Hi everyone,
>
> I am looking for:
> - a log analysis solution (for technicians)
> - a SIEM (security information and event management) solution for
> management and/or managers
>
> I collect syslog events on a syslog-ng log server, so I already have a
> collector of information.
> Based on this base of events I would like to do real-time log analysis and
> SIEM analysis, better if it is GPL-based.
> Does anyone have experience with some product? And with how many computers?


Re: Log analysis and SIEM

by Albert Gonzalez-4

Greetings,

Since you didn't mention the need for correlation, a SIEM might not
be what you want just to collect logs. Splunk has a free version that
you might want to look at. I know the free version limits your log feed
indexing to 500MB/day[1], but it is worth a test run nonetheless.

Later,

[1] - http://www.splunk.com/view/SP-CAAADFV#difference

-  
Albert Gonzalez
http://blog.cerveau.us


On Mon, 2009-10-19 at 16:43 +0200, NetExpress wrote:

> Hi everyone,
>
> I am looking for:
> - a log analysis solution (for technicians)
> - a SIEM (security information and event management) solution for
> management and/or managers
>
> I collect syslog events on a syslog-ng log server, so I already have a
> collector of information.
> Based on this base of events I would like to do real-time log analysis and
> SIEM analysis, better if it is GPL-based.
> Does anyone have experience with some product? And with how many computers?

Re: Log analysis and SIEM

by aditya mukadam

Some good SIEM options to be considered are:

1) LogRhythm
2) Netforensics
3) ArcSight
4) Juniper STRM

Thanks,
Aditya Govind Mukadam
CISSP,CEH,JNCIA-SSL,JNCIA-UAC,JNSA-Advanced Security, CQS-PIX,CQS-VPN


On Mon, Oct 19, 2009 at 8:13 PM, NetExpress <netexpress@...> wrote:

> Hi everyone,
>
> I am looking for:
> - a log analysis solution (for technicians)
> - a SIEM (security information and event management) solution for
> management and/or managers
>
> I collect syslog events on a syslog-ng log server, so I already have a
> collector of information.
> Based on this base of events I would like to do real-time log analysis and
> SIEM analysis, better if it is GPL-based.
> Does anyone have experience with some product? And with how many computers?


Re: Log analysis and SIEM

by Simone (carverrace@gmail.com)

I would also suggest another product that works fine and
should be most appropriate for your market.
Look for SecureLog.

Have a nice day.


On 29/ott/2009, at 18.13, aditya mukadam wrote:

> Some good SIEM options to be considered are:
>
> 1) LogRhythm
> 2) Netforensics
> 3) ArcSight
> 4) Juniper STRM
>
> Thanks,
> Aditya Govind Mukadam
> CISSP,CEH,JNCIA-SSL,JNCIA-UAC,JNSA-Advanced Security, CQS-PIX,CQS-VPN
>
>
> On Mon, Oct 19, 2009 at 8:13 PM, NetExpress <netexpress@...> wrote:
>> Hi everyone,
>>
>> I am looking for:
>> - a log analysis solution (for technicians)
>> - a SIEM (security information and event management) solution for
>> management and/or managers
>>
>> I collect syslog events on a syslog-ng log server, so I already have a
>> collector of information.
>> Based on this base of events I would like to do real-time log analysis and
>> SIEM analysis, better if it is GPL-based.
>> Does anyone have experience with some product? And with how many computers?