Raffy, What do you like about ArcSight? The policy engine? Compliance?
Which version of ArcSight did you look at?
Cheers, Reza
-----Original Message-----
From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Raffael Marty
Sent: Monday, 21 January 2008 18:17
To: swinog@swinog.ch
Subject: Re: [swinog] Log centralisation / mining
On Jan 21, 2008, at 3:45 AM, Roman Hochuli wrote:
Hello Raffy
Splunk. Definitely Splunk ;)
Raffael Marty
Chief Security Strategist @ Splunk>
Security Visualization: http://secviz.org
raffy.ch/blog
I see. A totally unbiased position. ;)
I assumed that was obvious... That's why I also said:
On a serious note, I ...
Reza wrote:
The most professional solution on the market is surely EMC/RSA enVision; if you see it you won't want to bother with anything else.
I would totally disagree. If you really want to go down that route, ArcSight is the one you want to go for. But again, be clear on what you are trying to do. All of these solutions are slightly different and should match your use.
-raffy
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog