
What reporting tools are available for an enterprise IDS?

Modern security analysts can easily become overwhelmed by the variety and quantity of audit records. In this SearchSecurity.com Q&A, network expert Mike Chapple reveals which open-source reporting tools can make life easier.

What reporting and correlation tools are available for use when setting up an IDS on an enterprise network? Are there open-source options?
Reporting and correlation of security information is a hot topic in our field today. Modern security analysts have a ton of information at their fingertips and can easily become overwhelmed by the variety and quantity of audit records. In addition to intrusion detection systems (IDS), log archives often contain data from operating system logs, network devices, antivirus software, firewalls, authentication systems and numerous other sources, each in its own format.

What's a security professional to do with all of this data? A variety of tools in the security information management/security event management (SIM/SEM) family, today usually grouped under the single name SIEM, offer the consolidated reporting and correlation that you seek: they normalize records from each source into a common event schema, correlate events that share attributes such as a source address or a time window, and produce reports from the combined view rather than from each product's logs separately. In addition to a number of commercial tools, there are open source options, such as the Open Source Security Information Manager (OSSIM) project. For a more detailed look at the SIM/SEM market, read the tip Security Information Management Finally Arrives, Thanks to Enhanced Features.
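To make the "normalize, then correlate" idea concrete, here is an added example (it is not from the original article and is not OSSIM code). It takes constructed sample lines from three sources, a Snort-style fast alert, an iptables LOG line and an OpenSSH auth log line, normalizes them into one schema, groups them by source IP, and reports any cluster where events from at least two different sources fall within a time window. The regular expressions, the assumed log year, the window size and the source names are assumptions for the example, not a complete grammar for any of those tools' output.

```python
"""Minimal cross-source log normalization and correlation (added example)."""
import re
from collections import defaultdict
from datetime import datetime

YEAR = 2008  # syslog lines carry no year; assumed for this example

# Constructed sample records (documentation-range addresses, not real traffic).
SAMPLE_LOGS = [
    # Snort "fast" alert format
    '08/14-10:02:11.123456  [**] [1:2001219:19] ET SCAN Potential SSH Scan [**] '
    '[Priority: 2] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22',
    # iptables LOG target via syslog
    'Aug 14 10:02:12 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 '
    'PROTO=TCP SPT=51235 DPT=22 SYN',
    # OpenSSH auth log
    'Aug 14 10:02:40 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 51240 ssh2',
    'Aug 14 10:02:45 host1 sshd[2213]: Accepted password for root from 203.0.113.7 port 51241 ssh2',
    # Unrelated benign login from another host
    'Aug 14 10:10:00 host1 sshd[2300]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2',
]

# Regexes for the three sample formats (assumptions for this example only).
SNORT_RE = re.compile(
    r'^(\d\d/\d\d)-(\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+(?P<msg>.+?)\s+'
    r'\[\*\*\].*?\{\w+\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+')
SYSLOG_PREFIX = r'^(?P<date>\w{3}\s+\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+'
IPTABLES_RE = re.compile(SYSLOG_PREFIX +
    r'kernel:.*\bSRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?\bDPT=(?P<dpt>\d+)')
SSHD_RE = re.compile(SYSLOG_PREFIX +
    r'sshd\[\d+\]:\s+(?P<result>Failed|Accepted)\s+\w+\s+for\s+(?:invalid user\s+)?'
    r'(?P<user>\S+)\s+from\s+(?P<src>[\d.]+)')


def _syslog_time(date, time):
    return datetime.strptime(f"{YEAR} {date} {time}", "%Y %b %d %H:%M:%S")


def parse_line(line):
    """Normalize one raw line into the common event schema; None if unrecognized."""
    m = SNORT_RE.match(line)
    if m:
        t = datetime.strptime(f"{YEAR} {m.group(1)} {m.group(2)}", "%Y %m/%d %H:%M:%S")
        return {"time": t, "source": "ids", "host": "sensor", "src_ip": m["src"],
                "dst_ip": m["dst"], "summary": m["msg"]}
    m = IPTABLES_RE.match(line)
    if m:
        return {"time": _syslog_time(m["date"], m["time"]), "source": "firewall",
                "host": m["host"], "src_ip": m["src"], "dst_ip": m["dst"],
                "summary": f"connection to port {m['dpt']}"}
    m = SSHD_RE.match(line)
    if m:
        return {"time": _syslog_time(m["date"], m["time"]), "source": "sshd",
                "host": m["host"], "src_ip": m["src"], "dst_ip": None,
                "summary": f"{m['result']} login for {m['user']}"}
    return None


def parse_all(lines):
    return [e for e in map(parse_line, lines) if e is not None]


def _as_incident(ip, cluster, min_sources):
    sources = sorted({e["source"] for e in cluster})
    if len(sources) < min_sources:
        return []
    ids_times = [e["time"] for e in cluster if e["source"] == "ids"]
    # Escalate when a successful login follows an IDS alert from the same address.
    login_after_alert = bool(ids_times) and any(
        e["source"] == "sshd" and e["summary"].startswith("Accepted")
        and e["time"] >= min(ids_times) for e in cluster)
    return [{"src_ip": ip, "start": cluster[0]["time"], "end": cluster[-1]["time"],
             "sources": sources, "events": cluster, "login_after_alert": login_after_alert}]


def correlate(events, window_seconds=300, min_sources=2):
    """Group events by source IP and split each group into clusters where
    consecutive events are no more than window_seconds apart. A cluster is an
    incident when it contains events from at least min_sources distinct sources."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["src_ip"]].append(ev)
    incidents = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        cluster = [evs[0]]
        for ev in evs[1:]:
            if (ev["time"] - cluster[-1]["time"]).total_seconds() <= window_seconds:
                cluster.append(ev)
            else:
                incidents.extend(_as_incident(ip, cluster, min_sources))
                cluster = [ev]
        incidents.extend(_as_incident(ip, cluster, min_sources))
    incidents.sort(key=lambda i: i["start"])
    return incidents


def report(incidents):
    """Consolidated text report, one block per incident."""
    lines = []
    for inc in incidents:
        flag = " (successful login after IDS alert)" if inc["login_after_alert"] else ""
        lines.append(f"{inc['src_ip']}: {len(inc['events'])} events from "
                     f"{', '.join(inc['sources'])} between {inc['start']:%H:%M:%S} "
                     f"and {inc['end']:%H:%M:%S}{flag}")
        for e in inc["events"]:
            lines.append(f"  {e['time']:%H:%M:%S} {e['source']:<8} {e['host']:<6} {e['summary']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(correlate(parse_all(SAMPLE_LOGS))))
```

The single benign login from 198.51.100.4 never becomes an incident because it is the only record for that address; the scan, firewall hit, failed login and accepted login from 203.0.113.7 collapse into one report entry, which is the kind of consolidation a SIM/SEM product does at scale, with far more parsers and rules.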


This was last published in August 2008
