Security Monitor 2.1

NAVIN PARWAL
Level 2

Folks,

I have a couple of questions regarding IDS MC 2.1.

1) Will it generate reports giving information about, let's say, critical alarms or, let's say, informational alarms?

2) How often does it access the database? I mean, let's say the attack was happening, how soon would the security monitor be able to send an e-mail about that?

1 Accepted Solution


gabelar
Level 1

Use SecMon with MC2.1.

It will report severity as described in question #1.

As far as #2, secmon in MC2.1 will "subscribe" to a sensor and the events are "more or less" real time. This means that once a subscription is established, the IPS appliance will send the event as it is generated. However, keep in mind that if the IPS box is busy, attack interrupts take precedence over event reporting. Bottom line is that events should be in secmon within 10-20 seconds of when they fired.
