I'm going through a somewhat overwhelming evaluation for a SIM solution for our company. We have several UNIX (AIX) servers, 35+ NT/2000 servers, SNORT IDS, possible commercial IDS in the future, Command anti-virus, CheckpointFW, Cisco basic router IDS, Cisco VPN concentrator, 8 Cisco routers and 10 Cisco switches. NetForensics looks pretty strong but all of them have a pretty hefty price tag. I'm looking for any of you out there who could recommend solutions based on your experience. I will need to provide management with reports of incidents and activity (justify my job and other security expenditures). I'm looking for something that makes managing all of these sets of information somewhat less daunting and that is somewhat intuitive to use.
Thanks