On 7/10/12 10:10 AM, Brian Schultz wrote: So I recently started a new job at a small-ish hospital and was tasked with setting up something that can audit security logs. It sounds and is pretty vague, but this is for HIPAA compliance. I'm more of an infrastructure guy and haven't had a chance to deal with security much and my only exposure is really through the podcast. I have no idea what products are out there to do these things. The environment here is about 99.99% Windows. I was taking a look at Solarwinds Log and Event Manager which looks pretty good so far, but it also requires an agent to be installed on any machines you want to monitor which can be a hassle.
Hi there, Tenable just released version 4 of our Log Correlation Engine. It combines ad-hock log search with advanced correlation. There are 100s of easy to use pre-built dashboards for tracking botnets, authentication, ids events, .etc and all of the correlation is built in and turned on by default so you don't have to configure a bunch. it has similar WMI and agents to collect system logs, but also parses realtime logs from the Tenable Passive Vulnerability Scanner, so you can get DNS, file sharing, web browsing, SSH and other network events without having to deploy agents or even collect logs. It's priced extremely competitive to other SIMs and if you are doing any type of security monitoring, having your Nessus scanner(s) managed from the same console as your log analysis tools not only makes your HIPAA reporting easier (since you have vulns & events in one spot), it makes your security monitoring better as well. Log Correlation Engine url: http://www.tenable.com/products/tenable-log-correlation-engine Dashboards: http://blog.tenable.com/sc4dashboards/ Ron Gula Tenable Network Security
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
