We went with Nitro for our new data center as well. I was not part of the eval process for that though, so I can't really answer too many questions about it.
On Wed, Mar 16, 2011 at 11:48 AM, Kevin Lundy <klu...@gmail.com> wrote:
> I do believe MARS is on life support.
>
> We evaluated Nitro Security appliances (FIPS certified), along with Splunk,
> Arcsight and one other whose name is escaping me. We liked Splunk's "search
> for IT" perspective, but didn't like having to build all the rules and
> alerts from scratch. Once I get funding, I will likely go with Nitro.
>
> On Wed, Mar 16, 2011 at 11:42 AM, Weatherford, Chad <cweatherf...@scvl.com> wrote:
>
>> We have MARS…but rumor is its days are numbered. Not to mention you
>> cannot get details or customize alerts.
>>
>> I just finished implementing TriGeo. So far I really like it and support
>> is great!
>>
>> *Chad Weatherford* | Network/Security Administrator | *Shoe Carnival, Inc.* | 812.867.8314 | 812.471.9866 | cweatherf...@scvl.com
>>
>> *From:* Matthew Bullock [mailto:mbull...@root9.com]
>> *Sent:* Monday, March 14, 2011 15:29
>> *To:* NT System Admin Issues
>> *Subject:* RE: SIEM
>>
>> Just the general splunk product.
>>
>> Trustwave is the PCI auditor and they were trying to sell us their
>> appliance during the last audit. One requirement for us is that the product
>> be available as a software virtual appliance, so I’ll check on their
>> offering again.
>>
>> I’ll also dig around SC, thanks.
>>
>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>> *Sent:* Monday, March 14, 2011 10:59 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: SIEM
>>
>> Did you look at the security product, or just the general Splunk product?
>>
>> Also look at TrustWave.
>>
>> Lastly, SC Magazine is one of the best sources for useful reviews on this
>> category of products. They are thorough in their review methodology.
>>
>> *ASB* (Find me online via About.Me <http://about.me/Andrew.S.Baker/bio>)
>> *Exploiting Technology for Business Advantage...*
>>
>> On Mon, Mar 14, 2011 at 1:20 PM, Matthew Bullock <mbull...@root9.com> wrote:
>>
>> I took a look at Splunk 6 months ago, but decided it was a bit raw and
>> didn’t have enough built-in reports. I’d like to see native support for
>> Cisco IOS, ASA, IPS, SBC and NSEL, Windows WMI, Exchange, VMware, MS SQL,
>> IIS, AD, maybe Avaya Communications Manager and UNIX/Linux/Syslog.
>>
>> -matt
>>
>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>> *Sent:* Monday, March 14, 2011 9:40 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: SIEM
>>
>> Other options include:
>>
>> - http://www.trigeo.com/
>> - http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z
>>
>> What devices will you be tracking?
>>
>> *ASB* (Find me online via About.Me <http://about.me/Andrew.S.Baker/bio>)
>> *Exploiting Technology for Business Advantage...*
>>
>> On Mon, Mar 14, 2011 at 12:33 PM, Matthew Bullock <mbull...@root9.com> wrote:
>>
>> Does anyone have any experience/opinions with implementing SIEM or logging
>> solutions? Right now, we’re looking mainly at Accelops, Log Logic and Log
>> Rhythm, as well as an upgrade to our existing Cisco MARS appliance and I
>> would love to hear anyone’s thoughts on these or any other solutions worth
>> looking into.
>>
>> Thanks,
>>
>> -matt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin