Hosting Provided By

Re: [security-elvandar] RE: Correlation tool

From: Remko Lodder <remko(at)elvandar.org>
Date: Tue Jun 17 2003 - 14:14:22 EDT

Quoting "Matthew F. Caldwell" <mattc@guarded.net>:

Did you try puresecure? It can be obtained at http://www.demarc.com

It has a personal free version: "PureSecure Personal Edition for Unix and Windows
PureSecure Personal Edition is provided free of charge to personal users as a means to secure their home networks"

It uses MySQL [ which also can be downloaded for free ] and there you have a nice gui from which you can select events and select source / destination / sourceport / destinationport etc. This can help to correlate

Perhaps i am wrong about this one :-) But it might be an idea,

Do you need help?

Goodluck!

> Thomas,

> Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the

>
>

--

Met vriendelijke groet,

Remko Lodder
Webmaster Elvandar.org
Webmaster Firewalladministrator.org

Member of www.dshield.org Distributed Instrusion Detection
Member of www.dsinet.org Dutch Security Information Network

/*
$(echo 'find / -perm -004000'|sed -n -e 's/([^-]*)(.*)/21/g' -e 's/([^,]
*)e//g' -e 's/0//g' -e 's/4/r/g' -e 's/ind//p')
*/

-------------------------------------------------
http://www.elvandar.org Homepage Elvandar.org Security related
http://www.grunn.org Homepage of grunn.org
http://www.mostly-harmless.nl Wanna learn unix systems and about security? (dutch spoken)
http://www.dsinet.org Dutch Security Information Network
http://www.koekiemonster.com A site about dancing
http://www.piare.org Homepage Piare.org

-------------------------------------------------
This mail is for the addressee only. If you are
not that person please delete this mail right
now. Also be notified that every mail sent will
be scanned by our virusscanner.

Deze mail is bedoeld voor de geaddresseerde.
Als u niet deze persoon bent wordt u verzocht
om het mailtje direct te verwijderen. Wees er
ook van op de hoogte dat alle mailtjes gescanned
worden door onze virusscanner

----The mailserver daemon.
-------------------------------------------------

------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------

application/pgp-signature attachment: Digitale PGP handtekening

application/pgp-keys attachment: Openbare PGP sleutel

Received on Tue Jun 17 14:37:27 2003

This message: [ Message body ]
Next message: Angel Rivera: "RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me)"
Previous message: SecurIT Informatique Inc.: "Re: Views and Correlation in Intrusion Detection"
In reply to Matthew F. Caldwell: "RE: Correlation tool"
Next in thread: Ian Macdonald: "Re: [security-elvandar] RE: Correlation tool"
Reply: Ian Macdonald: "Re: [security-elvandar] RE: Correlation tool"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:14 EDT