Correlation rules

Jaime Nebrera jnebrera at eneotecnologia.com
Sat Jan 4 03:53:24 EST 2014


Hi Carter, the main point is at this moment we don't plan to develop
netflow probes, but just use existing ones like Cisco's or Palo Alto

Our users want L7 application identification, and honestly, that's an arms
race we prefer not to enter for now

Jaime Nebrera - ENEO Tecnología
Sent with mobile, sorry for typos
On 04/01/2014 01:24, "Carter Bullard" <carter at qosient.com> wrote:

> You should consider using argus as an advanced flow data generator,
> and its approach does solve fundamental problems with netflow.
> (bidirectionality, L2, vlan tags, mpls labels, broadcast <-> unicast
> flow models, packet dynamic metrics and content).
>
> We can collect netflow, but argus data is really way ahead.
> How can you say no :O)
>
> Carter
>
> On Jan 3, 2014, at 4:33 PM, Jaime Nebrera <jnebrera at eneotecnologia.com>
> wrote:
>
> Hi Matt, I will reply Tuesday in depth.
>
> > Will you be integrating this into the eneo redBorder IDS?  I'm not sure
> > about the argus usage license, but Carter can speak to this.
>
> We intend to apply all these ideas into redBorder platform, yes, I'm not
> sure if Argus itself will make it or not
>
> At this moment the project is built around an IDS/IPS and a netflow
> collector. Next we will work on the correlation engine side as well as log
> management
>
> Regards
>
>
>