Hello Forest,

In our company we are using Prelude (http://www.prelude-ids.com), a hybrid opensource IDS, and I must say I am happy with it.

As far as I remember, the exaProtect solution was originally based on Prelude, which doesn't seem to be the case anymore.

After comparing several IDS, I chose Prelude because I was very astonished by its performance. Of course, I must admit that its free download availability made the choice easier. Of course, if you are looking for a hardware solution, Prelude won't be interesting for you since it is software only.

Other important points I found interesting:

- being opensource, Prelude has unlimited compatibility. I use it to monitor alerts from my snorts, nagios, samhain and a custom sensor I wrote for my company.
- behind the opensource project Prelude, there is the Prelude IDS Tech. company providing technical support and add-ons. I had already requested support from them and I got satisfaction.

The negative point is regarding the events correlation system. However, there is a basic tool along with prewikka (the GUI frontend) that automatically gathers alerts according to source/destination. I use a still-in-development system called "SEC".

I hope that helps,

--- STR [EMAIL PROTECTED] wrote:

> I work for an MSSP, and we are currently looking at expanding our Managed IDS
> offering. As part of this we are looking for a product that will collect and
> aggregate events from a large number of heterogeneous event sources (if truly
> event generator agnostic, then even better) (both network and host sensors).
> In short, (some of) our requirements are that it can collect events,
> standardise their format and allow us to apply filtering *after* event
> collection (so it would necessarily have to support high volumes of data).
>
> After collection, events need to be stored securely, and displayed to
> analysts in as good a way as possible (I am sure we all have our preferences
> here - I am partial to Sguil/Sguil-like displays).
>
> Now - to my question. We have looked at exaProtect, and it seems like a solid
> product which meets a majority of our requirements. I was wondering if anyone
> on the list has any experiences / opinions on exaProtect that they would
> like to share?
>
> Thanks in advance.
