We had the 3rd party module set up to handle events from our PIX firewalls but
it only seemed to use a very small subset of events. Most of those were the
native PIX IDS such as Large ICMP Packets, and management events such as
privileged logins and configuration changes. It does nothing to show you
when a certain rule might be hit or things like that and is not very
configurable. In the end we stopped using it and are looking at more robust
logging and event correlation tools.
Regards,
Chris Norris
American Modern Insurance Companies
Sr. Security Engineer
IS Risk and Security Management
7000 Midland Blvd.
Amelia, OH 45102
Ph: 513-947-5454
email: [EMAIL PROTECTED]
"Griffin, Bob" <[EMAIL PROTECTED]lub.com>
Sent by: issforum-bounces@iss.net
03/09/2005 08:33 AM
To: <[email protected]>
Subject: RE: [ISSForum] Fusion module and checkpoint+cisco
Could you please explain what the "SiteProtector Third Party Module" is
used for? The readme file for this module download describes the
"SiteProtector Third Party Module" as:
"DESCRIPTION
=====================================================================
The RealSecure SiteProtector Third Party Module interfaces with
Check Point NG and Cisco PIX firewalls to deliver high value firewall
events to the SiteProtector analysis interface. By gathering this
information, you can easily correlate firewall and third party events
with their intrusion detection and vulnerability assessment data
native to the ISS suite of security products."
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Kaylor, Adrian (ISS Atlanta)
Sent: Tuesday, March 08, 2005 9:55 AM
To: Pascual Perez; [EMAIL PROTECTED]
Subject: RE: [ISSForum] Fusion module and checkpoint+cisco
There are currently no correlation items for Fusion for CheckPoint or Cisco
logs.
Thank you,
Adrian Kaylor, CISSP
Technical Product Manager
Internet Security Systems
Phone: (404) 236-3052
-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Pascual Perez
Sent: Monday, March 07, 2005 5:38 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Fusion module and checkpoint+cisco
Hi, can Fusion Module integrate the correlation with Checkpoint FW1 and
CISCO logs? And how?
Thanks in advance
Pascual Alberto Pérez del Real
Azertia Consulting
_______________________________________________
ISSForum mailing list
[email protected]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.