07-01-2004 10:02 AM - edited 02-20-2020 11:29 PM
Can somebody share his experience with CiscoWorks Security Information Management Solution (CiscoWorks SIMS)?
How do you like it? Is it doing what it is supposed to do well?
Thanks
09-28-2004 09:13 AM
I have installed the SIMS 3.1 appliance into a small web hosting network. I have 4 Cisco IDS, 8 routers, and 6 Pix firewalls all reporting to the unit.
I am in the process of exploring all the different reports available. So far I am happy with the automated reporting capability.
I have found that the vast majority of events are due to system misconfiguration, network cleanup, etc. There is definitely a significant effort to tune your reporting devices in order to avoid false positives and other "noise".
I am also looking into the Risk Management capability, but the documentation is less than helpful. Apparently the "brute force" method of just diving in and testing all the capabilities of the system is the only way to really learn it.
Let me know if you have any specific questions and I will do my best to answer.
JT
10-15-2004 01:47 PM
I'm interested in this product too, especially its ability to correlate the security activity info from the different sources and not only Cisco based devices such as Snort, UNIX syslogs. However, it seems like it is a bit behind in supporting Snort's version (1.8 now)/signatures, for example.
10-18-2004 08:38 AM
I have been running SIMS 3.1 in a web hosting environment for the last couple of months. Event sources we are collecting from include Cisco routers, Cisco IDS, PIX firewalls, and we are in the process of setting up the nF Agent for IIS webServer and the TripWire agent.
Let me know if you have any specific questions about the product and I would be happy to give you my feedback.
JT
11-30-2004 07:40 AM
We have purchased the SIMS product, and I need to get up to speed on it as quickly as possible.
Does anyone know of any training courses available for this product? Or possibly any books or manuals that you could recommend?
Thanks,
- DM
11-30-2004 10:27 AM
The only documentation I know of is on the Cisco web site and/or the netForensics website.
http://cisco.com/en/US/partner/products/sw/cscowork/ps5209/index.html
I don't think there has been anything written by 3rd parties.
Word of caution: the documentation is not very deep at all, so you may need to lean on the Cisco TAC for more in-depth information.
What devices are you planning on collecting security information from?
JT
11-30-2004 10:52 AM
Right now it is all Cisco stuff. PIX's and routers mainly.
I need to get into the product to see what it can do so I can determine how we can best use it.
I'm primarily interested in the reporting aspect of it, as we manage various security devices for our customers, and I need a way of producing some reports that I can deliver to the customer.