Correlation rules
Carter Bullard
carter at qosient.com
Fri Jan 3 19:24:35 EST 2014
You should consider using argus as an advanced flow data generator,
and its approach does solve fundamental problems with netflow.
(bidirectionality, L2, vlan tags, mpls labels, broadcast <-> unicast
flow models, packet dynamic metrics and content).
We can collect netflow, but argus data is really way ahead.
How can you say no :O)
Carter
On Jan 3, 2014, at 4:33 PM, Jaime Nebrera <jnebrera at eneotecnologia.com> wrote:
> Hi Matt, I will reply Tuesday in depth.
>
> > Will you be integrating this into the eneo redBorder IDS? I'm not sure about the argus usage license, but Carter can speak to this.
>
> We intend to apply all these ideas to the redBorder platform, yes. I'm not sure if Argus itself will make it or not.
>
> At this moment the project is built around an IDS/IPS and a netflow collector. Next we will work on the correlation engine side as well as log management.
>
> Regards
>