LinuxQuestions.org


TBC Cosmo 06-22-2010 01:02 PM

OSS product to replace CS-MARS
 
I'm looking for an open source solution to replace Cisco CS-MARS. MARS aggregates syslog data sent to it from remote devices and creates an attack mitigation plan that can then be applied to the devices. It can be used with servers, security appliances and network devices.

I had a brief look at Snort, but that seems to function at the packet level and does not aggregate syslog data.

Does anyone have experience or maybe know of a product I should look at?

Thanks

unSpawn 06-22-2010 05:05 PM

Have a brief look at OSSIM or Prelude? If they are not completely what you require they at least might provide the framework to integrate things into.

TBC Cosmo 06-22-2010 05:57 PM

OSSIM is looking promising.


All times are GMT -5.