SupaRice Posted October 4, 2010

I'm looking for a good event correlation device/software. Something that can help reduce the standard information overload you get from the tons of log messages from firewalls, IPS devices, servers, etc. Security-oriented correlation.

I've had experience with Cisco's MARS: http://www.cisco.com/en/US/products/ps6241/index.html

Which is a great idea that works well in a lab. But in the real world, ummmm, not so much. Not to mention you have to have pretty much all Cisco gear for it to be of any value. And, like everything else they make, it's ridiculously expensive.

I've also messed with Splunk, which I think is awesome, but it doesn't really put any intelligent correlation to the information. It just seems to be a better way to sort information. http://www.splunk.com

Has anyone used something that they like? The only other ones I know of, which are both really expensive, are RSA enVision and Q1.