topic Re: Feedback - CiscoWorks Security Information Management Soluti in Network Security

Feedback - CiscoWorks Security Information Management Solution

harizanovg — Fri, 21 Feb 2020 07:29:21 GMT

Can somebody share his experience with

CiscoWorks Security Information Management Solution (CiscoWorks SIMS)?

How do you like it? Is it doing what it is supposed to do well?

Thanks

Re: Feedback - CiscoWorks Security Information Management Soluti

joturner — Tue, 28 Sep 2004 16:13:58 GMT

I have installed the SIMS 3.1 appliance into a small web hosting network. I have 4 Cisco IDS, 8 routers, and 6 Pix firewalls all reporting to the unit.

I am in the process of exploring all the different reports available. So far I am happy with automated reporting capability.

I have found that the vast majority of events are due to system misconfiguration, network cleanup, etc. There is definitely a significant effort to tune your reporting devices in order to avoid false positives and other "noise".

I am also looking into the Risk Management cabability but the documentation is less than helpful. Apparently the "brute force" method of just diving in and testing all the capabilities of the system is the only way to really learn it.

Let me know if you have any specific questions and I will do my best to answer.

Re: Feedback - CiscoWorks Security Information Management Soluti

dmitry — Fri, 15 Oct 2004 20:47:51 GMT

I'm interested in this product too, especially its ability to correlate the security activity info from the different sources and not only Cisco based devices such as Snort, UNIX syslogs, however, it seems like it is a bit behind supporting the Snort's version (1.8 now)/signatures, for example.

Re: Feedback - CiscoWorks Security Information Management Soluti

joturner — Mon, 18 Oct 2004 15:38:19 GMT

I have been running SIMS 3.1 in a web hosting environment for the last couple of months. Event sources we are collecting from include Cisco routers, Cisco IDS, PIX firewalls, and we are in the process of setting up the nF Agent for IIS webServer and the TripWire agent.

Let me know if you have any specific questions about the product and I would be happy to give you my feedback.

Re: Feedback - CiscoWorks Security Information Management Soluti

davemit — Tue, 30 Nov 2004 15:40:43 GMT

We have purchased the SIMS product, and I need to get up to speed on it as quickly as possible.

Does anyone know of any training courses available for this product? Or possibly any books or manuals that you could recommend?

Thanks,

- DM

Re: Feedback - CiscoWorks Security Information Management Soluti

joturner — Tue, 30 Nov 2004 18:27:45 GMT

The only documentation I know of is on the Cisco web site and/or the netForensics website.

http://cisco.com/en/US/partner/products/sw/cscowork/ps5209/index.html

http://netforensics.com/

I don't think there has been anything written by 3rd parties.

Word of caution, the documentation is not very deep at all so you may need to lean on the Cisco TAC for more in depth information.

What devices are you planning on collecting security information from?

Re: Feedback - CiscoWorks Security Information Management Soluti

davemit — Tue, 30 Nov 2004 18:52:16 GMT

Right now it is all Cisco stuff. PIX's and routers mainly.

I need to get into the product to see what it can do so I can determine how we can best use it.

I'm primarily interested in the reporting aspect of it, as we manage various security devices for our customers, and I need a way of producing some reports that I can deliver to the customer.