In the past we have used snort and sguil, and they worked pretty well. Over the summer, we received our Mars box. It seems OK, but it has a ton of configuration options. In fact, we have our snort box sending alerts. One of the nice things about the Mars box is the ability to pull events from the event viewer logs.

Shane

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Thursday, October 15, 2009 3:32 PM
To: NT System Admin Issues
Subject: Re: Slight OT Cisco Mars book recommendation

De nada. However, it looks to me as if this system is past EOL. Hope you can get that last upgrade...

Kurt

On Thu, Oct 15, 2009 at 12:18, Thomas Mullins <[email protected]> wrote:
> Many thanks Kurt,
>
> Shane
>
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Thursday, October 15, 2009 3:19 PM
> To: NT System Admin Issues
> Subject: Re: Slight OT Cisco Mars book recommendation
>
> Don't have any thoughts on books, but I'll bet this guy can point you
> in the right direction:
>
> http://ciscomars.blogspot.com/
>
> On Thu, Oct 15, 2009 at 11:59, Thomas Mullins <[email protected]>
> wrote:
>> Can someone recommend a good book about the Cisco Mars? Really looking
>> for a good book about how to configure the box.
>>
>> Thanks
>> Shane
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
