IDS Correlation

From: 川市 (huili@sei.xjtu.edu.cn)
Date: 03/22/00

Previous message: Kerberus: "RE: *ICN - A Conspiracy of Inertia?"
Next in thread: Kohlenberg, Toby: "RE: IDS Correlation"
Reply: Kohlenberg, Toby: "RE: IDS Correlation"
Reply: Matthew F. Caldwell: "RE: IDS Correlation"
Reply: Oliver Petruzel: "RE: IDS Correlation (threat management)"
Reply: Keith T. Morgan: "RE: IDS Correlation"
Reply: Matthew F. Caldwell: "RE: IDS Correlation"
Reply: John S Flowers: "Re: IDS Correlation"
Reply: Keith T. Morgan: "RE: IDS Correlation"
Reply: eddonega@WellsFargo.COM: "RE: IDS Correlation"
Reply: Jared A. Tucker: "RE: IDS Correlation"
Reply: Matthew F. Caldwell: "RE: IDS Correlation"
Reply: Keith T. Morgan: "RE: IDS Correlation"
Reply: Jared A. Tucker: "RE: IDS Correlation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 22 Mar 2000 10:49:45 +0800
From: 川市 <huili@sei.xjtu.edu.cn>
To: "focus-ids@securityfocus.com" <focus-ids@securityfocus.com>

hi,all
  Recently I am focus on IDS correlation,but I am always thinking about the questions:
  1.Can correlation definitely improve the performance such as precison?
  2.Maybe a comprehensive knowledge base about all kinds of IDS's alerts is essential to correlation,but how can we acquire it?
  3.Supposed that we have the knowledge base,which kinds of method should we take to do correlation?
welcome all kinds of comments about correlation.

Previous message: Kerberus: "RE: *ICN - A Conspiracy of Inertia?"
Next in thread: Kohlenberg, Toby: "RE: IDS Correlation"
Reply: Kohlenberg, Toby: "RE: IDS Correlation"
Reply: Matthew F. Caldwell: "RE: IDS Correlation"
Reply: Oliver Petruzel: "RE: IDS Correlation (threat management)"
Reply: Keith T. Morgan: "RE: IDS Correlation"
Reply: Matthew F. Caldwell: "RE: IDS Correlation"
Reply: John S Flowers: "Re: IDS Correlation"
Reply: Keith T. Morgan: "RE: IDS Correlation"
Reply: eddonega@WellsFargo.COM: "RE: IDS Correlation"
Reply: Jared A. Tucker: "RE: IDS Correlation"
Reply: Matthew F. Caldwell: "RE: IDS Correlation"
Reply: Keith T. Morgan: "RE: IDS Correlation"
Reply: Jared A. Tucker: "RE: IDS Correlation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: IDS Correlation (threat management)
... Threat management systems perform correlation amongst all devices such ... 2.Maybe a comprehensive knowledge base about all kinds of IDS's alerts ...
(Focus-IDS)
RE: Correlation software
... >analysis and triage of FW, IDS, IPS, AV, VA and network events using ... >scans and recent event history and attack source. ... >rules for your correlation engine for each new potential attack vector ... Find out by easily testing it with real-world attacks from CORE IMPACT. ...
(Focus-IDS)
Re: Ossim
... I'm an It engineering student co Politecnico di Milano. ... I'm studying ids correlation for my thesis ... the source code, nor a single doc about implementation. ... Test Your IDS ...
(Focus-IDS)
Need help in correlation
... E_status column from 'R' to 'C', i have to pick up ids from another ... based upon SourceID table(store procedure selects those id s from ... make only one receive shape as activity true and neither i can make ... ""you must specify at least one already-initialized correlation set ...
(microsoft.public.biztalk.general)
Need help in correlation
... E_status column from 'R' to 'C', i have to pick up ids from another ... based upon SourceID table(store procedure selects those id s from ... make only one receive shape as activity true and neither i can make ... ""you must specify at least one already-initialized correlation set ...
(microsoft.public.biztalk.general)