And now a narrative on the hijacking of the hijacking...
-sc

From: [email protected] [mailto:[email protected]] On Behalf Of Ben Scott
Sent: Thursday, April 10, 2014 5:58 PM
To: [email protected]
Subject: Re: [NTSysADM] Question on those working with SEIM

This thread has now been hijacked by a discussion about the finer points of thread hijacking.

On Thu, Apr 10, 2014 at 5:01 PM, Michael B. Smith <[email protected]> wrote:

Unfortunately, most email clients are not smart enough to trim References and Threading headers, when all you do is change the subject.

From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker
Sent: Thursday, April 10, 2014 11:43 AM
To: ntsysadm
Subject: Re: [NTSysADM] Question on those working with SEIM

He didn't hijack the thread, Kurt. The subject was changed. He started a new message via a reply, but failed to trim all the excess...

No virtual animals were harmed by this activity...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Wed, Apr 9, 2014 at 4:57 PM, Kurt Buff <[email protected]> wrote:

On Wed, Apr 9, 2014 at 7:48 AM, Ziots, Edward <[email protected]> wrote:
> I have a question: is anyone using Snare Client out there on their
> servers/Domain Controllers, to send eventlog files to a SIEM? We are being
> asked as a part of a SIEM implementation to utilize the Snare Client to
> send the logs off to a Symantec LCP (Log collection point).
>
> Any experiences on this front, since I have not utilized this before.

Z, you hijacked a thread. That's a bit uncool...

However, yes, I've used the Snare client, and it seems to work just fine. Never had any problems with it. All I do is cast the logs to a syslog server. Don't have a SIEM in-house yet, but I'm working on it.

Kurt

