Raffy, What do you like about ArcSight? The policy engine? Compliance? Which version of Arcsight did you look at?
Cheers, Reza -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raffael Marty Sent: Montag, 21. Januar 2008 18:17 To: [EMAIL PROTECTED] Subject: Re: [swinog] Log centralisation / mining On Jan 21, 2008, at 3:45 AM, Roman Hochuli wrote: > Hello Raffy > >> Splunk. Definitely Splunk ;) > > -- >> Raffael Marty >> Chief Security Strategist @ Splunk> >> Security Visualization: http://secviz.org raffy.ch/blog > > I see. A totally unbiased position. ;) I assumed that was obvious... That's why I also said: > On a serious note, I ... Reza wrote: > The most professional solution on market is surely EMC/RSA envision, > if you see it you won't want to bother with anything else. I would totally disagree. If you really want to go down that route, ArcSight is the one you want to go for. But again, be clear on what you are trying to do. All of these solutions are slightly different and should match your use. -raffy _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
