IDSM Mgmt & Monitoring

Unanswered Question
Sep 20th, 2007

We bought 2 IDSMs, and currently are in the stage of evaluating different Management & Monitoring software, like MARS, Enterasys, etc., and would appreciate your hands-on experience and comments. Thanks.

hoffa2000 Tue, 09/25/2007 - 08:48

Hi

I have two IDSMs online in our two 6513s and one MARS 50 to gather the information. I use the web interface, IDM, supplied with the IDSMs to manage the devices but only use MARS to monitor the dataflow. So far I haven't tuned any signatures on the IDSMs; I let MARS drop the false positives as suggested by the MARS manual.

I have worked a lot with Snort and ACID before; although it cannot compare to the IDSM/MARS setup, it is the only previous experience I have in security monitoring. I would say the MARS is a great tool for monitoring company-wide security events and it helps you declutter the IDS traffic, but it doesn't really "manage" the IDSMs as such; for that you might need another tool.

Regards

Fredrik
