Re: Looking for intrusion detection - Tripwire isn't it

Mark Seiden (mis@seiden.com)
Sun, 20 Aug 1995 15:55:16 -0700 (PDT)

i suppose you could try stalker and netstalker from haystack labs
in austin.

stalker doesn't use syslog.  it uses the c2 audit trail.

> 
> 	I guess it figures that the three responses I got via Email were
> all about tripwire.  Perhaps I wasn't clear enough.  I wasn't looking
> for an integrity checker to detect changed files on my server.  If I
> were, I would use Integrity Toolkit (before tripwire, there was IT!, and
> IT is better). 
> 
> 	I am looking for a real-time intrusion detection system that can
> take information provided by syslogs and other similar sources coming
> from a distributed network of computers, fuse the incoming information,
> and detect both patterns that are dissimilar to normal usage patterns
> and patterns that are indicative of known attack profiles.
> 
> 	A good example is CMDS by SAIC, but I know there are other such
> products, and I am trying to get in touch with the vendors of those
> other products to determine if any of them are as viable as CMDS, what
> they cost, how they operate, and whether they will meet the needs of my
> client. 
> 
> 	I am interested in a package that operates on information from
> different sources, including but not limited to Unix varieties and
> output from routers.  It would be best if it ran on trusted computing
> bases, it would be nice if it was programmable to allow us to customize it
> to meet the client's ever-changing needs, and it would be even better if
> it were supported by a substantial commercial organization with a
> long-term commitment to its ongoing availability and enhancement. 
> Finally, it would be nice if the cost were relatively modest for the
> value given, taking into account support, customization, etc.
> 
> 	I hope this has clarified my request for information.
> 
> -- 
> -> See: Info-Sec Heaven at URL http://all.net
> Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
> 

-- 
mark seiden, mis@seiden.com, 1-(415) 592 8559 (voice)