Eine Nachricht zum Schmunzeln aus der Mailingliste Security-Basics auf securityfocus.com:
Our CIO insists on using this app… ArcSight’s Threat Response
Manager is causing WAY more headaches then security.I don’t have time to
do what I should be doing,because this BEAST thinks normal network
activity is hostile!A weapon in one hand or a turd in the other,the way I see it!
Rant over!
Please DO NOT let anyone talk you into trying this.It finds so many
false positives,it will throttle your bandwidth to a point where it is
unusable!
Da hat wohl ein Entscheider gedacht, daß diese System sofort out-of-the-box und ohne weiteres Feintuning laufen …