On 6/5/2011 9:02 AM, Marius wrote:
> Hi!
>
> Since no one answered, I'll try my best here.
>
> On 24 May 2011 16:04, Beetz <[email protected]> wrote:
>> I'd be interested to hear the community's experiences with El Jefe - for example has anyone deployed it in a limited basis in a production environment,
>
> First of all I would recommend the ElJefe mailing list. You'll have better luck finding experience there.
>
> I deployed ElJefe and beta-tested several releases. The interesting point for me was seeing it log me exploiting applications on Windows hosts. For a VM hacking lab ElJefe is quite recommendable. But for a large production environment I'd only monitor important key assets and not every application due to false-positives and performance issues.
Hi Marius,

I'm a big fan of performing process monitoring and would love more feedback from you.

What sort of performance issues did you see? Did the OS run slower with this level of monitoring? I'm curious what level of performance you already had before installing ElJefe. I'm also curious what impact to the system something like enabling process audit logging (if you are on Windows) may have had. This is how we gather logs like that for our Tenable products.

Also, what kind of false positives did you see? Were there actual cases where a process was logged running by ElJefe yet it wasn't there?

Lastly, I agree it does take effort to gather logs and focusing on your servers is better than not logging any processes at all. However, I strongly recommend you at least enable process accounting on your desktop/laptop systems and collect this information.

--
Ron Gula, CEO
Tenable Network Security
http://www.tenable.com

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
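The thread raises two practical problems with process logging: the false-positive volume Marius mentions and the question of how to consume process audit logs once they are collected. The following is an added example, not code from either poster, ElJefe or Tenable: it takes records shaped like Windows Security log process-creation events (Event ID 4688, whose NewProcessName and SubjectUserName fields are real), learns a per-host baseline of process paths during a learning window, and flags only processes not seen before. The sample events, host names and the "learn"/"detect" phase tag are constructed for the example; real deployments would pull events from the Security log.

```python
"""
Added example (not from the thread): baseline Windows process-creation
audit events (Security log Event ID 4688) per host and flag process
paths not seen during a learning window, one way to keep the alert
volume of process logging manageable.  All sample records are constructed.
"""
from collections import defaultdict
import ntpath

# Constructed sample records shaped like the fields a 4688 event carries
# (NewProcessName, SubjectUserName).  The "host" and "phase" keys are
# bookkeeping for this example, not event fields.
SAMPLE_EVENTS = [
    {"host": "WS01", "phase": "learn",
     "NewProcessName": r"C:\Windows\System32\svchost.exe", "SubjectUserName": "SYSTEM"},
    {"host": "WS01", "phase": "learn",
     "NewProcessName": r"C:\Windows\explorer.exe", "SubjectUserName": "alice"},
    {"host": "WS01", "phase": "learn",
     "NewProcessName": r"C:\Program Files\Internet Explorer\iexplore.exe", "SubjectUserName": "alice"},
    # Same binary as a baselined one, differing only in path case: must NOT be flagged.
    {"host": "WS01", "phase": "detect",
     "NewProcessName": r"c:\windows\EXPLORER.EXE", "SubjectUserName": "alice"},
    # Never seen on this host during learning: should be flagged.
    {"host": "WS01", "phase": "detect",
     "NewProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe", "SubjectUserName": "alice"},
    {"host": "SRV01", "phase": "learn",
     "NewProcessName": r"C:\Windows\System32\svchost.exe", "SubjectUserName": "SYSTEM"},
    # Baselines are per host: cmd.exe may be normal elsewhere, but not on SRV01.
    {"host": "SRV01", "phase": "detect",
     "NewProcessName": r"C:\Windows\System32\cmd.exe", "SubjectUserName": "SYSTEM"},
]


def normalize_path(path):
    """Windows paths are case-insensitive; compare them in one canonical form
    so the same binary is not reported twice because of spelling."""
    return ntpath.normpath(path).lower()


def build_baseline(events):
    """Map host -> set of normalized process paths seen in the learning phase."""
    baseline = defaultdict(set)
    for ev in events:
        if ev["phase"] == "learn":
            baseline[ev["host"]].add(normalize_path(ev["NewProcessName"]))
    return baseline


def flag_new_processes(events, baseline):
    """Return (host, process path, user) for detect-phase events whose
    process path is not in that host's baseline."""
    flagged = []
    for ev in events:
        if ev["phase"] != "detect":
            continue
        known = baseline.get(ev["host"], set())
        if normalize_path(ev["NewProcessName"]) not in known:
            flagged.append((ev["host"], ev["NewProcessName"], ev["SubjectUserName"]))
    return flagged


def run_example():
    """Learn from the constructed sample, then report what is new."""
    return flag_new_processes(SAMPLE_EVENTS, build_baseline(SAMPLE_EVENTS))


if __name__ == "__main__":
    for host, path, user in run_example():
        print(f"{host}: new process {path} started by {user}")
```

Two of the five detect-phase records are reported; the case-only variation of explorer.exe is suppressed by the path normalization, and the per-host keying means a process that is routine on workstations still stands out on a server that never ran it during learning. The learning window is the knob that trades missed changes against noise, which is the same trade-off Marius describes when limiting monitoring to key assets.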
