I echo what others have said. After only being able to keep TPM up and running about 50% of the time and receiving a very sparse amount of syslog entries I gave up. I logged a call with ISS, they claimed to not have any issues keeping TPM running and they confirmed that those small amounts of syslogs were all TPM was built to do. I gave up on using it.
David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Norris/AMIG Sent: Thursday, March 10, 2005 8:35 AM To: Griffin, Bob Cc: [EMAIL PROTECTED]; [email protected] Subject: RE: [ISSForum] Fusion module and checkpoint+cisco We had the 3rd part module setup to handle event from our PIX firewalls but it only seemed to use a very small subset of events. Most of those were the native PIX IDS such as Large ICMP Packets, and management events such as privileged logins and configuration changes. It does nothing to show you when a certain rule might be hit or things like that and is not very configurable. In the end we stopped using it and are looking at more robust logging and event correlation tools. Regards, Chris Norris American Modern Insurance Companies Sr. Security Engineer IS Risk and Security Management 7000 Midland Blvd. Amelia, OH 45102 Ph: 513-947-5454 email: [EMAIL PROTECTED] "Griffin, Bob" <[EMAIL PROTECTED] lub.com> To Sent by: <[email protected]> issforum-bounces@ cc iss.net Subject RE: [ISSForum] Fusion module and 03/09/2005 08:33 checkpoint+cisco AM Could you please explain what the "SiteProtector Third Party Module" is used for? The readme file for this module download describes the "SiteProtector Third Party Module" as: "DESCRIPTION ===================================================================== The RealSecure SiteProtector Third Party Module interfaces with Check Point NG and Cisco PIX firewalls to deliver high value firewall events to the SiteProtector analysis interface. By gathering this information, you can easily correlate firewall and third party events with their intrusion detection and vulnerability assessment data native to the ISS suite of security products." -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kaylor, Adrian (ISS Atlanta) Sent: Tuesday, March 08, 2005 9:55 AM To: Pascual Perez; [EMAIL PROTECTED] Subject: RE: [ISSForum] Fusion module and checkpoint+cisco There are currently no correlation items for Fusion for CheckPoint or Cisco logs. Thank you, Adrian Kaylor, CISSP Technical Product Manager Internet Security Systems Phone: (404) 236-3052 -----Original Message----- From: [EMAIL PROTECTED] On Behalf Of Pascual Perez Sent: Monday, March 07, 2005 5:38 PM To: [EMAIL PROTECTED] Subject: [ISSForum] Fusion module and checkpoint+cisco hi, can Fusion Module integrate the correlation with Checkpoint FW1 and CISCO logs?and how? thanks in Advance Pascual Alberto P�rez del Real Azertia Consulting _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately. Thank you. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
