What reporting tools are available for an enterprise IDS?

Modern security analysts can easily become overwhelmed by the variety and quantity of audit records. In this SearchSecurity.com Q&A, network expert Mike Chapple reveals which open-source reporting tools can make life easier.

What reporting and correlation tools are available for use when setting up an IDS on an enterprise network? Are there open-source options?
Reporting and correlation of security information is a hot topic in our field today. Modern security analysts have a ton of information at their fingertips and can easily become overwhelmed by the variety and quantity of audit records. In addition to intrusion detection systems (IDS), log archives often contain data from operating system logs, network devices, antivirus software, firewalls, authentication systems and numerous other sources.

What's a security professional to do with all of this data? A variety of tools in the security information management/security event management (SIM/SEM) family offer the consolidated reporting and correlation that you seek. In addition to a number of commercial tools, there are open source options, such as the Open Source Security Information Manager (OSSIM) project. For a more detailed look at the SIM/SEM market, read the tip Security Information Management Finally Arrives, Thanks to Enhanced Features.


This was first published in August 2008
