[324] in Intrusion Detection Systems
RE: Looking for intrusion detection - Tripwire isn't
daemon@ATHENA.MIT.EDU (Nick Di Giovanni)
Tue Aug 29 19:09:46 1995
Date: Tue, 29 Aug 95 16:13 EDT
To: Intrusion Detection Mailing List <IDS@UOW.EDU.AU>
From: Nick Di Giovanni <U953001@RUTADMIN.RUTGERS.EDU>
Reply-To: ids@uow.edu.au

Dr. Cohen,

I think this product may be the type you're looking for. It's called
Audit Trail Analysis by Racal-Guardata. Here's some information from the
product description:
- Audit Trail Analysis takes input from any security log, and translates
the data into standard format. It understands the logs of all the
major computer manufacturers (IBM, Unisys, Tandem, DEC, ICL, and more).
- The translated audit trails are loaded into its integrated relational
data base, creating a single coordinated file.
- The next stage of the process is the analysis of that single log against
a set of security rules. These rules represent many man-years'
experience of computer security. The rules define certain combinations
of circumstances that may indicate breaches of security. The
combination of rules to be applied may be changed by the controller to
map onto a specific security policy.
- For operational security, the system is stored and run in an
independent computer. It operates on any UNIX hardware that supports
Nexpert Object. It uses ORACLE as its relational database. Rule
Base development using C, OSF/Motif and Nexpert Object.

For more information, such as pricing, contact Anthony C. Priest, General
Sales Manager, System Security Division. 480 Spring Park Place - Suite 900,
Herndon, Virginia 22070. Telephone (703) 471-0892.

I have never used or seen this product in action but it certainly sounds
interesting. I'd appreciate hearing your feedback on anything you find out.

Regards,
Nick Di Giovanni
IS Audit Manager
Rutgers University