Re: IDS Correlation
From: John S Flowers (jflowers@well.com)
Date: 03/25/02
- Previous message: Alexander Poizner: "RE: two sniffers on the same eth ifc performance impact?"
- Maybe in reply to: : "IDS Correlation"
- Next in thread: Hui Lee: "Re: Re: IDS Correlation"
- Next in thread: Keith T. Morgan: "RE: IDS Correlation"
- Reply: Hui Lee: "Re: Re: IDS Correlation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Mar 2002 12:57:21 -0800
To: oliver petruzel <opetruzel@cox.rr.com>
From: John S Flowers <jflowers@well.com>
<vendor hat on>
The IP360 product offering has an Intrusion Detection feature that does
correlation with network intelligence automatically. It also provides a
robust, rules-based system for creating events and exposures based on
policy violations and checking components that are unique to your
environment. You might take a look at the product at http://www.nCircle.com
</vendor hat on>
On Friday, April 19, 2002, at 10:41 AM, oliver petruzel wrote:
>>
>>
>>>
>>> -----Original Message-----
>>> From: 李辉 [mailto:huili@sei.xjtu.edu.cn]
>>> Sent: Tue 3/21/2000 9:49 PM
>>> To: focus-ids@securityfocus.com
>>> Cc:
>>> Subject: IDS Correlation
>>>
>>>
>>>
>>> Hi, all.
>>> Recently I am focusing on IDS correlation, but I am always thinking
>>> about these questions:
>>> 1. Can correlation definitely improve performance measures such as
>>> precision?
>>> 2. Maybe a comprehensive knowledge base about all kinds of IDS
>>> alerts is essential to correlation, but how can we acquire it?
>>> 3. Suppose that we have the knowledge base; which kinds of method
>>> should we take to do correlation?
>>> I welcome all kinds of comments about correlation.
>>>
>>>
>>>
>
> That IS precisely what the threat management systems I listed for you
> perform. They have "intelligence" based on knowledge bases that analyze
> and store data before presenting the findings.
>
> Cyberwolf in particular has an amazing intelligence engine with years of
> data in the knowledge base. It presents "conclusions," and in most cases
> multiple conclusions, based on various events over time over different
> systems and sensors. The current 1.8 version is seriously hurting in
> terms of GUI and presentation, but v2.0 is due out this spring, early
> Q2, and will have a full GUI etc etc... check it out.
>
> The others I mentioned are slick too, and already have GUIs and many
> awesome correlation features. I just happen to think CyberWolf has the
> best "intelligence"...
>
> good luck.
>
> oliver p.
>
>>>
>
>
>