Re: Alert Correlation
From: SecurIT Informatique Inc. (securit_at_iquebec.com)
Date: 08/13/03
- Previous message: Jonathan Rickman: "Re: IDS is dead, etc"
- In reply to: Thiago Mello: "Alert Correlation"
Date: Wed, 13 Aug 2003 13:10:48 -0400
To: Thiago Mello <tmello@pop.com.br>
You can check the documentation from my tool LogIDS 1.0 (download at
http://securit.iquebec.com), where I cover the theory behind this tool and
how to configure it. It is a new kind of log analysis-based intrusion
detection system, gathered from various sources across the network. This
is not "event correlation" in the original meaning of the word, but rather
an alternative way to see event correlation. This may give you a different
look on the topic.
Hope it helps.
Floydman
At 04:30 PM 12/08/2003, Thiago Mello wrote:
>Hello
>
>I'm doing research on Alert correlation of IDS sensors, and until now I
>only just found two papers: Alert Correlation in a Cooperative Intrusion
>Detection Framework and Validation of Sensor Alert Correlators.
>
>If anybody could give me some links, I'll be very thankful.
>
>Regards,
>
>--
>Thiago Mello - tmello@pop.com.br