RE: Trend analysis papers
From: Nawapong Nakjang (tony at ksc.net)
Date: Sun Jul 06 2003 - 22:08:02 CDT
If you want to do an analysis out of a flat log file, then you will be in a lot of trouble finding the tools and spending time relating events to one another. So I suggest you log IDS alerts to a database and use a report tool or script to pull data for your correlation. You could write your own or use open source tools out there...

Well, I am not surprised that you didn't find any articles about IDS event correlation. This is simply because performing an effective event analysis & correlation really depends on the skill and experience of a person and how deeply he/she understands the systems in their network. The process is very complicated and there ain't any automated tools that really suit your need; every network has its own culture and distinctly unique components.
Nawapong Nakjang
IT Security Specialist
Security Team, Network Operation Center
KSC Commercial Internet Co, Ltd.
E-Mail: tony at ksc.net
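As an added illustration of the approach suggested above (example code written for this archive page, not from the list post or any list member): a short Python script that loads Snort fast-format alert lines into SQLite and runs two correlation queries, one ranking signatures that fire from many unrelated sources (false-positive review candidates) and one finding source/destination pairs that accumulate several distinct signatures. The alert lines, SIDs, messages and addresses are constructed sample data, and the fast-format field layout is assumed from Snort's documented alert output.

```python
import re
import sqlite3

# Constructed Snort "fast" alert lines; SIDs, messages and addresses are made up.
SAMPLE_ALERTS = """\
07/01-15:10:01.000001  [**] [1:1000001:1] SNMP request to agent port [**] [Priority: 3] {UDP} 10.0.0.5:40001 -> 10.0.0.20:161
07/01-15:10:02.000002  [**] [1:1000001:1] SNMP request to agent port [**] [Priority: 3] {UDP} 10.0.0.6:40002 -> 10.0.0.21:161
07/01-15:10:03.000003  [**] [1:1000001:1] SNMP request to agent port [**] [Priority: 3] {UDP} 10.0.0.7:40003 -> 10.0.0.22:161
07/01-15:11:00.000004  [**] [1:1000002:1] ICMP echo from scanner [**] [Priority: 2] {ICMP} 10.0.0.99 -> 10.0.0.20
07/01-15:11:05.000005  [**] [1:1000003:1] TCP port sweep [**] [Priority: 2] {TCP} 10.0.0.99:55555 -> 10.0.0.20:22
07/01-15:11:09.000006  [**] [1:1000004:1] WEB path traversal attempt [**] [Priority: 1] {TCP} 10.0.0.99:55556 -> 10.0.0.20:80
"""

# One fast-format line: timestamp, [gid:sid:rev], message, optional classification, priority, proto, src -> dst.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>\S+?)(?::(?P<dport>\d+))?$"
)

def parse_fast_alert(line):
    """Return a dict of fields for one fast-format alert line, or None if it does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("sid", "prio", "sport", "dport"):  # ports are absent for ICMP alerts
        d[k] = int(d[k]) if d[k] is not None else None
    return d

def load_alerts(text):
    """Parse alert lines into an in-memory SQLite table so correlation can be done in SQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alert (ts TEXT, sid INTEGER, msg TEXT, prio INTEGER, "
                 "proto TEXT, src TEXT, sport INTEGER, dst TEXT, dport INTEGER)")
    rows = filter(None, map(parse_fast_alert, text.splitlines()))  # unparsable lines are skipped
    conn.executemany("INSERT INTO alert VALUES (:ts,:sid,:msg,:prio,:proto,:src,:sport,:dst,:dport)", rows)
    return conn

def noisy_signatures(conn, min_sources=3):
    """Signatures fired by many unrelated sources: first candidates for false-positive review/tuning."""
    return conn.execute(
        "SELECT sid, msg, COUNT(*), COUNT(DISTINCT src) AS n FROM alert "
        "GROUP BY sid HAVING COUNT(DISTINCT src) >= ? ORDER BY n DESC", (min_sources,)).fetchall()

def correlated_sources(conn, min_sigs=3):
    """Source/destination pairs with several distinct signatures: events that relate to one another."""
    return conn.execute(
        "SELECT src, dst, COUNT(DISTINCT sid) AS n, MIN(ts), MAX(ts) FROM alert "
        "GROUP BY src, dst HAVING COUNT(DISTINCT sid) >= ? ORDER BY n DESC", (min_sigs,)).fetchall()
```

With the sample data, the SNMP signature is reported as noise (three unrelated sources, three hosts) while 10.0.0.99 -> 10.0.0.20 is reported as a single correlated sequence of three different signatures within nine seconds.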
-----Original Message-----
From: dodo [mailto:ro_dodo at hotmail.com]
Sent: Tuesday, July 01, 2003 3:15 PM
To: focus-ids at securityfocus.com
Subject: Trend analysis papers
Hello,
I'm doing research on intrusion detection and I'm trying to make an analysis according to some log files (snort). Now, I'm not sure what are the parameters that might affect (correlate) each other.
Moreover, I know that this problem is not a simple one due to the fact that my log is full of false-positive alerts. I tried to find in the SANS Reading Room and securityfocus but there is no article about this issue.
Any comments/reference/full answers will be most appreciated.
Thanks a lot,
Ido.
-------------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with vulnerability
info, reduces false positives with the click of a button, and distributes this
information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn more.
-------------------------------------------------------------------------------