You might want to look into DeepSight at Symantec which my partner and myself designed and built while at SecurityFocus (my partner stayed on so now he is a Symantec kind of guy ). There is a free component that you can join (see »aris.securityfocus.com ) and there are all sorts of global reports and analysis available(most are in the $ side however, but still there is a lot that is free). The idea is you send your IDS logs (supported systems here »analyzer.symantec.com/requirements.asp ) to DeepSight and you can use DeepSight to create all sorts of reports and such.
Blake -- »www.SonicLogger.com - Logging Software for SonicWall and 3Comhttp://www.LinkLogger.com - Logging Software for Linksys, Netgear and Zyxel
said by Link Logger:You might want to look into DeepSight at Symantec which my partner and myself designed and built while at SecurityFocus (my partner stayed on so now he is a Symantec kind of guy ). There is a free component that you can join (see »aris.securityfocus.com ) and there are all sorts of global reports and analysis available(most are in the $ side however, but still there is a lot that is free). The idea is you send your IDS logs (supported systems here »analyzer.symantec.com/requirements.asp ) to DeepSight and you can use DeepSight to create all sorts of reports and such.
Blake
I will assume that help will soon be on its way here. -- oO^..^OooO^..^Oo
·
). There is a free component that you can join (see »
