What SIM (Security Information Management) system do you use?

[computadorka]

I know Arcsite is the big one.
Also Symantec has one.
Have you heard about NitroSecurity? That states they do Anomaly Detection, SIM, and Enterprise Management.

looks sweet.
http://www.nitrosecurity.com/media/

Do you guys use a SIM type product that gathers info from IPS, routers, switches, firewalls, windows logs and combines it into one big interface?

 

[jmphx]

Nope, don't use one.

Starting to look at 'splunk' though. Not necessarily for security specific functions, but just general log aggregation w/ searching and reporting.

 

[edicted]

We use Excel, and Master Locks..

No seriously we have looked at CiscoWorks, but the cost was more then we wanted to spend.

 

[computadorka]

I guess not to many high roller companies are represented here.

Ciscoworks is not a SIM.

 

[MorfiusX]

I've used KiWi for syslogs, GFI SELM (They changed the name though) for Windows events, and a hand built Linux box for this. The GFI product does well in a Windows environment. If you take the time, you can make syslogng on Linux do just about whatever you want.

 

[JDMs14]

Figured I'd bump this thread and see if any new people can contribute..

We use netForensics for our SIM (http://www.netforensics.com/) where I am (govt)

I'm currently starting to play around with OSSIM...seems pretty robust and I'm hoping to have it integrate with my home network. Anyone else have any experience with it?

 

[Darthkim]

For Cisco, it would be the MARS appliance.

We feed ours into a Symantec SOC for processing. Never really did see any value in bringing that inhouse (unless you have the manpower to do so).

Splunk is awesome for all sorts of things. We use it today for log consolidation of servers and some network devices.