On 7/10/12 10:10 AM, Brian Schultz wrote:
> So I recently started a new job at a small-ish hospital and was
> tasked with setting up something that can audit security logs. It
> sounds and is pretty vague, but this is for HIPAA compliance. I'm
> more of an infrastructure guy and haven't had a chance to deal with
> security much and my only exposure is really through the podcast. I
> have no idea what products are out there to do these things. The
> environment here is about 99.99% Windows. I was taking a look at
> Solarwinds Log and Event Manager which looks pretty good so far,
> but it also requires an agent to be installed on any machines you
> want to monitor which can be a hassle.
        
Hello,

Nowadays, most network devices support syslog (Cisco routers,
switches, *nix boxes). Unfortunately, Windows Event logs are a
different format, so in many cases you have to load an "Event to
Syslog" agent in order to get them to your SIEM in "real time". My
point is that many solutions for Windows require a Windows "agent" to
be loaded. There are a lot of agents out there. Adiscon makes one
(the author of rsyslog), Snare, and there is even an Evt2sys open source agent
(http://code.google.com/p/eventlog-to-syslog/).

If you're up for the task, you might want to look at Sagan
(http://sagan.quadrantsec.com). It's an open source solution which can
identify threats and correlate them with Sourcefire's "Snort" IDS/IPS
sensors in real time. If you need a more "appliance" approach, you
can inquire about that @ http://www.quadrantsec.com.

Obvious disclaimer: I do work at Quadrant Information Security.

-- 
- Champ Clark III ([email protected])
  Quadrant Information Security (http://quadrantsec.com)
  Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
  GPG Key ID: 0381878A
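To make the "Event to Syslog" agent idea above concrete, here is an added example (not code from Snare, Adiscon, Evt2sys or Sagan) that does the core job such an agent performs: it polls the Windows Security log for audit-relevant Event IDs and ships each record to a syslog collector as an RFC 3164 line over UDP. The collector address, the polling interval and the chosen Event IDs are assumptions; adjust them to your audit policy.

```powershell
# Added example, not an agent's own code: forward Windows Security audit
# events to a syslog collector in RFC 3164 format over UDP/514.
$Collector = '192.0.2.10'      # constructed placeholder: your SIEM/syslog host
$Port      = 514
# Security log Event IDs of audit interest (logon success, logon failure,
# account lockout, audit log cleared). Extend to match your audit policy.
$EventIds  = 4624, 4625, 4740, 1102

function ConvertTo-SyslogLine {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    # PRI = facility * 8 + severity. Facility 13 = "log audit".
    # Security events carry Audit Success/Failure as keywords, not levels,
    # so map audit failures to "warning" (4) and everything else to "info" (6).
    $severity = if ($Event.KeywordsDisplayNames -contains 'Audit Failure') { 4 } else { 6 }
    $pri = 13 * 8 + $severity
    # RFC 3164 timestamp: "Mmm dd HH:mm:ss" with a space-padded day, invariant culture.
    $inv = [cultureinfo]::InvariantCulture
    $ts  = '{0} {1,2} {2}' -f $Event.TimeCreated.ToString('MMM', $inv),
                               $Event.TimeCreated.Day,
                               $Event.TimeCreated.ToString('HH:mm:ss', $inv)
    # Collapse the multi-line event description into one line and cap its size
    # so the datagram stays well under the 1024-byte RFC 3164 limit.
    $msg = ($Event.FormatDescription() -replace '\s+', ' ')
    if ($msg.Length -gt 800) { $msg = $msg.Substring(0, 800) }
    "<$pri>$ts $($Event.MachineName) WinEvent[$($Event.Id)]: $msg"
}

function Send-Syslog {
    param([string]$Line)
    $udp   = New-Object System.Net.Sockets.UdpClient
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Line)
    [void]$udp.Send($bytes, $bytes.Length, $Collector, $Port)
    $udp.Close()
}

# Poll every 30 seconds for "near real time" delivery; start 5 minutes back
# so nothing is missed on first run. Reading the Security log needs admin rights.
$since = (Get-Date).AddMinutes(-5)
while ($true) {
    $filter = @{ LogName = 'Security'; Id = $EventIds; StartTime = $since }
    $since  = Get-Date
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        ForEach-Object { Send-Syslog (ConvertTo-SyslogLine $_) }
    Start-Sleep -Seconds 30
}
```

Because this sends plain UDP, a dropped datagram is a silently lost audit record; a production agent (or the Adiscon/Snare products named above) would use TCP or TLS syslog and keep a delivery cursor, which is one reason the thread's advice to use a real agent holds for HIPAA logging.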


_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com