Andres Aguirre wrote:

> Hi, I am new to the list and SEC. I think that SEC has a great power
> for defining rules for correlation and I plan to use it in my
> organization, but recently we have found OSSIM (http://www.ossim.net/)
> and I wonder, in base of the experience you have, which of the two
> alternatives is better for a production environment?
> Thanks!
> Regards
>
> Andrés
>
hi Andres,

I think it is quite hard to compare OSSIM and SEC, since they have been designed for fairly different purposes. I haven't yet had an in-depth look at OSSIMv2, but the impression I got from v1 is that it is created for rather specific tasks only (accepting and correlating log data from Snort and a few other security sensors). I might be mistaken, but I got the understanding that there is no straightforward interface to add your own sensor to the system that produces logs in a custom format.

SEC, on the contrary, is a generic solution for all log types and does not assume that you are sending in data from a few specific applications only. It's more like the 'grep' tool which works for all log types :)

br,
risto

------------------------------------------------------------------------------
_______________________________________________
Simple-evcorr-users mailing list
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
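To make the "generic, grep-like" point above concrete, here is an added SEC rule file that is not part of the thread and not from the SEC project itself. It assumes a hypothetical application log whose lines look like the constructed samples in the comments, and it shows the two things a custom sensor usually needs from a correlation engine: a threshold rule (N failures for one user inside a time window raise one alert) and a second rule that cancels the pending operation when a success for that user arrives. The log format, the file name `appsrv.sec` and the log path are assumptions.

```text
# Constructed sample lines from a hypothetical application log; SEC only
# needs a Perl regex that matches them, nothing about the format is built in:
#   2009-05-12T10:14:01 appsrv: AUTHFAIL user=alice src=10.0.0.7
#   2009-05-12T10:14:03 appsrv: AUTHFAIL user=alice src=10.0.0.7
#   2009-05-12T10:15:20 appsrv: AUTHOK user=alice src=10.0.0.7

# Five authentication failures for the same user within 60 seconds produce
# one alert on stdout; further matches for that user are suppressed until
# the window closes. The desc is the correlation key, so it contains only
# the user ($1), not the source address, otherwise every new source would
# start a separate counter.
type=SingleWithThreshold
ptype=RegExp
pattern=^\S+ appsrv: AUTHFAIL user=(\S+) src=(\S+)$
desc=Repeated authentication failures for user $1
action=write - ALERT: user $1 failed authentication 5 times within 60s (last source $2)
window=60
thresh=5

# A successful login for the same user terminates the counting operation
# started by the previous rule (offset -1), so a few typos followed by the
# correct password do not accumulate towards an alert.
type=Single
ptype=RegExp
pattern=^\S+ appsrv: AUTHOK user=(\S+) src=(\S+)$
desc=Successful login for $1
action=reset -1 Repeated authentication failures for user $1
```

Run it against the (hypothetical) log with `sec --conf=appsrv.sec --input=/var/log/appsrv.log`; adapting it to another sensor means changing only the two `pattern=` lines, which is exactly the property the reply above describes.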
