[311] in Intrusion Detection Systems
Re: Looking for intrusion detection - Tripwire isn't it
daemon@ATHENA.MIT.EDU (Mark Seiden)
Mon Aug 21 14:20:07 1995
From: mis@seiden.com (Mark Seiden)
To: ids@uow.edu.au
Date: Sun, 20 Aug 1995 15:55:16 -0700 (PDT)
In-Reply-To: <9508192241.AA03879@all.net> from "Dr. Frederick B. Cohen" at Aug 19, 95 06:41:24 pm
Reply-To: ids@uow.edu.au
i suppose you could try stalker and netstalker from haystack labs
in austin.
stalker doesn't use syslog. it uses the c2 audit trail.
>
> I guess it figures that the three responses I got via Email were
> all about tripwire. Perhaps I wasn't clear enough. I wasn't looking
> for an integrity checker to detect changed files on my server. If I
> were, I would use Integrity Toolkit (before tripwire, there was IT!, and
> IT is better).
>
> I am looking for a real-time intrusion detection system that can
> take information provided by syslogs and other similar sources coming
> from a distributed network of computers, fuse the incoming information,
> and detect both patterns that are dissimilar to normal usage patterns
> and patterns that are indicative of known attack profiles.
>
> A good example is CMDS by SAIC, but I know there are other such
> products, and I am trying to get in touch with the vendors of those
> other products to determine if any of them are as viable as CMDS, what
> they cost, how they operate, and whether they will meet the needs of my
> client.
>
> I am interested in a package that operates on information from
> different sources, including but not limited to Unix varieties and
> output from routers. It would be best if it ran on trusted computing
> bases, it would be nice if it was programmable to allow us to customize it
> to meet the client's ever-changing needs, and it would be even better if
> it were supported by a substantial commercial organization with a
> long-term commitment to its ongoing availability and enhancement.
> Finally, it would be nice if the cost were relatively modest for the
> value given, taking into account support, customization, etc.
>
> I hope this has clarified my request for information.
>
> --
> -> See: Info-Sec Heaven at URL http://all.net
> Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
>
--
mark seiden, mis@seiden.com, 1-(415) 592 8559 (voice)
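The requirements quoted in the thread (fuse syslog from several Unix hosts and a router into one stream, then flag both known attack profiles and departures from normal usage) in miniature, as an added example that is not part of the original thread and not code from CMDS, Stalker, NetStalker or any other product named above. Every syslog line, hostname, address, user, rule and threshold in it is constructed for illustration; BSD syslog carries no year, so the parser assumes 1995 to match the sample.

```python
"""Toy syslog fusion with signature and anomaly detection (constructed example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

YEAR = 1995  # assumption: BSD syslog lines omit the year; the constructed sample is from 1995

# Constructed "known-good" history used to build per-user baselines.
BASELINE_LOGS = """\
Aug 14 09:02:11 alpha login[310]: LOGIN ON ttyp0 BY alice FROM ws12.example.net
Aug 14 15:10:45 alpha login[402]: LOGIN ON ttyp0 BY alice FROM ws12.example.net
Aug 15 08:55:03 beta login[120]: LOGIN ON ttyp1 BY bob FROM ws07.example.net
Aug 16 14:30:00 beta login[233]: LOGIN ON ttyp1 BY bob FROM ws07.example.net
Aug 17 10:12:30 alpha login[512]: LOGIN ON ttyp0 BY alice FROM ws12.example.net
"""
# Constructed feeds from three separate sources for one afternoon.
ALPHA_LOGS = "Aug 20 15:01:02 alpha login[1021]: LOGIN ON ttyp0 BY alice FROM ws12.example.net\n"
BETA_LOGS = """\
Aug 20 14:58:20 beta login[870]: LOGIN ON ttyp1 BY bob FROM ws07.example.net
Aug 20 15:03:00 beta login[877]: FAILED LOGIN 1 FROM 10.9.9.9 FOR root, Authentication failure
Aug 20 15:03:02 beta login[878]: FAILED LOGIN 2 FROM 10.9.9.9 FOR root, Authentication failure
Aug 20 15:03:04 beta login[879]: FAILED LOGIN 3 FROM 10.9.9.9 FOR root, Authentication failure
Aug 20 15:03:30 beta login[880]: LOGIN ON ttyp2 BY alice FROM 10.9.9.9
Aug 20 15:04:00 beta login[881]: LOGIN ON ttyp3 BY guest FROM 10.9.9.9
"""
ROUTER_LOGS = """\
Aug 20 15:02:10 rtr1 router: ACL 101 denied tcp 10.9.9.9(4021) -> 10.1.1.5(23)
Aug 20 15:02:11 rtr1 router: ACL 101 denied tcp 10.9.9.9(4022) -> 10.1.1.5(23)
Aug 20 15:02:12 rtr1 router: ACL 101 denied tcp 10.9.9.9(4023) -> 10.1.1.5(23)
Aug 20 15:02:13 rtr1 router: ACL 101 denied tcp 10.9.9.9(4024) -> 10.1.1.5(23)
"""

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
LOGIN_RE = re.compile(r"LOGIN ON \S+ BY (?P<user>\w+) FROM (?P<from>\S+)")

# Known attack profiles: (name, message pattern capturing 'src', events needed, window seconds).
SIGNATURES = [
    ("telnet-scan", re.compile(r"ACL \d+ denied tcp (?P<src>[\d.]+)\(\d+\) -> [\d.]+\(23\)"), 3, 60),
    ("login-bruteforce", re.compile(r"FAILED LOGIN \d+ FROM (?P<src>[\d.]+) FOR \w+"), 3, 60),
]


def parse_syslog(line):
    """Parse one BSD-style syslog line into a dict; None if it does not match."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def fuse(*sources):
    """Merge lines from several hosts/devices into one time-ordered event stream."""
    events = []
    for src in sources:
        for line in src.splitlines():
            e = parse_syslog(line)
            if e:
                events.append(e)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_signatures(events):
    """Fire once per (rule, source) when N matching events land inside the rule's window."""
    recent = defaultdict(deque)  # (rule, src) -> timestamps still inside the window
    fired, alerts = set(), []
    for e in events:
        for name, pat, need, window in SIGNATURES:
            m = pat.search(e["msg"])
            if not m:
                continue
            key = (name, m["src"])
            q = recent[key]
            q.append(e["ts"])
            while (e["ts"] - q[0]).total_seconds() > window:  # drop stale timestamps
                q.popleft()
            if len(q) >= need and key not in fired:
                fired.add(key)
                alerts.append({"rule": name, "src": m["src"], "host": e["host"], "at": e["ts"]})
    return alerts


def build_baseline(events):
    """Per-user profile of where and at what hours logins normally occur."""
    base = defaultdict(lambda: {"from": set(), "hours": set()})
    for e in events:
        m = LOGIN_RE.search(e["msg"])
        if m:
            base[m["user"]]["from"].add(m["from"])
            base[m["user"]]["hours"].add(e["ts"].hour)
    return base


def detect_anomalies(events, baseline):
    """Flag logins that deviate from the baseline: unknown user, new origin, unusual hour."""
    alerts = []
    for e in events:
        m = LOGIN_RE.search(e["msg"])
        if not m:
            continue
        prof, why = baseline.get(m["user"]), []
        if prof is None:
            why.append("user never seen in baseline")
        else:
            if m["from"] not in prof["from"]:
                why.append(f"new origin {m['from']}")
            if e["ts"].hour not in prof["hours"]:
                why.append(f"unusual hour {e['ts'].hour:02d}")
        if why:
            alerts.append({"rule": "anomaly", "user": m["user"], "host": e["host"], "at": e["ts"], "why": why})
    return alerts


def run_report():
    """Fuse the three constructed feeds and return (signature alerts, anomaly alerts)."""
    events = fuse(ALPHA_LOGS, BETA_LOGS, ROUTER_LOGS)
    baseline = build_baseline(fuse(BASELINE_LOGS))
    return detect_signatures(events), detect_anomalies(events, baseline)


if __name__ == "__main__":
    for alert in (a for group in run_report() for a in group):
        print(alert)
```

Running it yields two signature alerts for the same source (the router-side telnet probe and the failed logins on beta) followed by two anomalies: a known user logging in from an origin outside her baseline, and an account the baseline has never seen. The point of fusing first is that the router and host events, read alone, each look like noise; ordered together by time they tell one story, which is what the quoted request for a correlating, multi-source system is asking for.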