DeepSight Extractor 4.2 Release

From: Oliver Friedrichs <oliver_friedrichs(at)symantec.com>
Date: Mon Jul 07 2003 - 19:10:43 EDT

Hello Everyone,

I am pleased to announce the release of version 4.2 of DeepSight Extractor, and the update of the DeepSight Analyzer web-site.

This release of DeepSight Extractor adds support for Norton Personal Firewall 2003, Norton Internet Security 2003 and Internet Security Systems SiteProtector 2.0. Users of these products can download the new DeepSight Extractor software, and benefit from the free DeepSight Analyzer service. In addition to the new DeepSight Extractor release, the DeepSight Analyzer site has been updated to reflect the acquisition of SecurityFocus by Symantec last year.

The latest version of DeepSight Extractor can be obtained from:

http://analyzer.symantec.com/download.asp

DeepSight Extractor 4.2 now supports the following Intrusion Detection and Firewall systems:

BlackIce                    2.0-3.x
Cisco IOS                   12.x
Cisco PIX                   4.2-5.1
Cisco Secure IDS            2.5-3.0
Enterasys Dragon            4.2.2
Check Point Firewall-1      Next Generation, NG

IP Chains
ipmon (IPF)

NetProwler                  3.5x
NetScreen                   200, 100, 50, 25, 5XP

Norton Internet Security 2003
Norton Personal Firewall 2003

RealSecure                  3.1-5.5, 6.00-7.0
SiteProtector (ISS)         2.0
Snort                       1.6-1.9.x,2.x
Snort Portscan              1.6-1.9.x,2.x
Snort Scan Log              1.9-2.x
ZoneAlarm                   2.6.0-3.7

DeepSight Analyzer is a free web-based event management console providing correlation and reporting on events being observed by your security devices.

You can register for DeepSight Analyzer at:

http://analyzer.symantec.com

By joining the DeepSight Analyzer program at Symantec, you receive a number of benefits. DeepSight Analyzer gives you the following functionality, at absolutely no charge to you:

1. Automated Daily Summary Reports

Each day, at the time that you choose, you will receive a summary report via email. This report summarizes all activity that your sensors have observed over the previous 24 hour period. This report includes the top events that you have seen, the top ports that you have seen activity on, the top IP addresses from which this activity has originated, and the countries from which the events originated.

2. Online Event Viewing

You will receive access to the web-based DeepSight Analyzer online console. Through this console you can view a history, for previous 30 days, of all events that your systems have submitted. In addition to viewing events, DeepSight Analyzer will allow you to draft a notification message, to be sent to the owner of a network from which you have been attacked. This message will contain a detailed list of all events observed from the originating network.

3. Online Report Generation

Through the DeepSight Analyzer online console you can generate reports, summarizing event activity over a period of time. You can report on the top events that are being observed on your network, determine which country, ISP, and IP addresses are attacking you, and summarize activity for a particular attacker.

Feel free to contact me directly or email analyzer@symantec.com, if you have any questions or need assistance in getting up and running,

Oliver Friedrichs
Sr. Manager - DeepSight
(650) 381-8045

---

The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, and distributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn more.

---

Received on Mon Jul 7 19:37:10 2003