RE: Looking for intrusion detection - Tripwire isn't

Nick Di Giovanni (U953001@RUTADMIN.RUTGERS.EDU)
Tue, 29 Aug 95 16:13 EDT

Dr. Cohen,

    I think this product may be the type you're looking for.  It's called
Audit Trail Analysis by Racal-Guardata.  Here's some information from the
product description:

    -  Audit Trail Analysis takes input from any security log, and translates
       the data into standard format.  It understands the logs of all the
       major computer manufacturers (IBM, Unisys, Tandem, DEC, ICL, and more).
    -  The translated audit trails are loaded into its integrated relational
       data base, creating a single coordinated file.
    -  The next stage of the process is the analysis of that single log against
       a set of security rules.  These rules represent many man-years'
       experience of computer security.  The rules define certain combinations
       of circumstances that may indicate breaches of security.  The
       combination of rules to be applied may be changed by the controller to
       map onto a specific security policy.
    -  For operational security, the system is stored and run in an
       independent computer.  It operates on any UNIX hardware that supports
       Nexpert Object.  It uses ORACLE as its relational database.  Rule
       Base development using C, OSF/Motif and Nexpert Object.

For more information, such as pricing, contact Anthony C. Priest, General
Sales Manager, System Security Division.  480 Spring Park Place - Suite 900,
Herndon, Virginia  22070.  Telephone (703) 471-0892.

I have never used or seen this product in action but it certainly sounds
interesting.  I'd appreciate hearing your feedback on anything you find out.

Regards,
Nick Di Giovanni
IS Audit Manager
Rutgers University
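
The three stages quoted in the product description above (translate each log into a standard format, load everything into one relational table, run a selectable set of rules over it) can be sketched as follows. This is an added example, not part of the original message and not the product's code: it assumes Python's sqlite3 in place of ORACLE and Nexpert Object, and the two log formats, the account names and the rule names are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample logs in two made-up vendor formats (not real product output).
FORMAT_A = [
    "1995-08-29 16:01:02 hostA login FAIL user=jsmith",
    "1995-08-29 16:01:09 hostA login FAIL user=jsmith",
    "1995-08-29 16:05:00 hostA login OK user=mlee",
]
FORMAT_B = [
    "SYS1|jsmith|LOGON|DENIED|1995-08-29T16:01:30",
    "SYS1|jsmith|LOGON|GRANTED|1995-08-29T16:02:10",
]

def parse_a(line):
    """Translate a format-A line to the standard (ts, host, account, outcome) row."""
    m = re.match(r"(\S+ \S+) (\S+) login (FAIL|OK) user=(\S+)$", line)
    ts, host, outcome, account = m.groups()
    return ts, host, account, outcome.lower()

def parse_b(line):
    """Translate a format-B line: different field order, vocabulary and timestamp."""
    host, account, _event, outcome, ts = line.split("|")
    return ts.replace("T", " "), host, account, {"DENIED": "fail", "GRANTED": "ok"}[outcome]

# Each rule is a query over the merged table; the active set models a site policy.
RULES = {
    "fails_then_success": """
        SELECT s.account, s.ts, COUNT(*) FROM events s
        JOIN events f ON f.account = s.account AND f.outcome = 'fail'
             AND f.ts < s.ts AND f.ts >= datetime(s.ts, '-10 minutes')
        WHERE s.outcome = 'ok'
        GROUP BY s.account, s.ts HAVING COUNT(*) >= 3""",
    "multi_host_failures": """
        SELECT account, MIN(ts), COUNT(DISTINCT host) FROM events
        WHERE outcome = 'fail'
        GROUP BY account HAVING COUNT(DISTINCT host) >= 2""",
}

def analyze(active_rules):
    """Load both translated logs into one table, then apply the selected rules."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (ts TEXT, host TEXT, account TEXT, outcome TEXT)")
    rows = [parse_a(l) for l in FORMAT_A] + [parse_b(l) for l in FORMAT_B]
    db.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", rows)
    return {name: db.execute(RULES[name]).fetchall() for name in active_rules}

if __name__ == "__main__":
    print(analyze(["fails_then_success", "multi_host_failures"]))
```

Neither sample log alone holds three failures for the same account; the first rule fires only because both sources end up in the single merged table.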