IDS mailing list archives
Re: Correlation software
From: Mike Lyman <mlyman-security () comcast net>
Date: Fri, 19 Mar 2004 18:59:54 -0600
On Thu, 2004-03-18 at 10:07, sam () neuroflux com wrote:
> Hello.. Thank you all for your responses to my Entercept email, they have all been fantastic! I am also looking to find out if there are any commercial Log Correlation packages available? I'm looking for something that can correlate Firewall + IDS + HIDS type of logs and create a logical flow of events.. Can anyone recommend, or point me in the right direction?
My standard answer to that is import to a database and start writing SQL queries. Nothing will match the flexibility and once you get good at it, you'll start finding things in your data you'll never find with other tools. SQL was one of the biggest required skills on the incident response/intrusion detection team at my old job.

-- 
Mike Lyman <mlyman-security () comcast net>
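An added illustration of the approach Mike describes (not code from the thread): the three log sources are loaded into tables and one SQL query chains a permitted firewall connection, an IDS alert on the same flow and a later HIDS event on the destination host into a single ordered flow of events. The sample events, table layouts and 10-minute windows are constructed assumptions; SQLite stands in for whatever database you import into.

```python
import sqlite3

# Constructed sample events (not real logs): a permitted inbound connection,
# an IDS alert on the same flow, then a HIDS event on the target host.
FIREWALL = [
    ("2004-03-18 10:01:05", "10.1.1.5", "192.168.0.20", 22, "ACCEPT"),
    ("2004-03-18 10:02:10", "10.1.1.9", "192.168.0.20", 80, "ACCEPT"),
]
IDS = [("2004-03-18 10:01:20", "10.1.1.5", "192.168.0.20", "SSH brute-force attempt")]
HIDS = [("2004-03-18 10:03:40", "192.168.0.20", "new user added: backup2")]

SCHEMA = """
CREATE TABLE firewall (ts TEXT, src TEXT, dst TEXT, dport INTEGER, action TEXT);
CREATE TABLE ids (ts TEXT, src TEXT, dst TEXT, signature TEXT);
CREATE TABLE hids (ts TEXT, host TEXT, event TEXT);
"""

# Chain firewall -> IDS -> HIDS: the IDS alert must match the same src/dst pair,
# the HIDS event must be on the destination host, and each step must fall
# within 10 minutes of the previous one (assumed window).
CORRELATE = """
SELECT f.ts, f.src, f.dst, f.dport, i.ts, i.signature, h.ts, h.event
FROM firewall f
JOIN ids i  ON i.src = f.src AND i.dst = f.dst
           AND i.ts BETWEEN f.ts AND datetime(f.ts, '+10 minutes')
JOIN hids h ON h.host = f.dst
           AND h.ts BETWEEN i.ts AND datetime(i.ts, '+10 minutes')
WHERE f.action = 'ACCEPT'
ORDER BY f.ts
"""

def correlate(firewall=FIREWALL, ids=IDS, hids=HIDS):
    """Load the three log sets into an in-memory SQLite DB and return the
    correlated event chains as tuples ordered by firewall timestamp."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO firewall VALUES (?,?,?,?,?)", firewall)
    conn.executemany("INSERT INTO ids VALUES (?,?,?,?)", ids)
    conn.executemany("INSERT INTO hids VALUES (?,?,?)", hids)
    rows = conn.execute(CORRELATE).fetchall()
    conn.close()
    return rows

if __name__ == "__main__":
    for fw_ts, src, dst, dport, ids_ts, sig, hids_ts, event in correlate():
        print(f"{fw_ts} {src}->{dst}:{dport} | {ids_ts} {sig} | {hids_ts} {event}")
```

Only the 10.1.1.5 connection survives the chain; the second permitted connection has no matching IDS alert and is dropped by the join.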