IDS mailing list archives
Re: statistical Data Tools??? Can you recommend me some one, please !!!
From: Ron Gula <rgula () tenablesecurity com>
Date: Fri, 30 Jan 2009 09:43:07 -0500
saintarmin () hotmail com wrote:
Hi Could you recommend me some tools for Statistical Data? I have some sensors in my network and I want to obtain more statistical information about everything. But I would like to know more tools for this propouse....
Commercially, my company offers statistical profiling for any type of log, IDS event or netflow in a product called the Log Correlation Engine. I wanted customers to be able to spot small fluctuations in items like SSH login failures as much as as netflows from servers or 404 events on web sites. You can see a video demo of it here: http://cgi.tenablesecurity.com/demos/09f-correlation/09f-correlation.htm More demos are here: http://www.nessus.org/demos/ The engine profiles any type of normalized event and then lets you know when you've had a set of events, that when compared to all previous events of that type, is outside the normal activity for that host. I've found that statistical data is great for looking at changes in event rates and large event swings. For looking at events that occur the first time though, we had develop a different set of technology that focused on identifying new hosts and new events that had never previously occurred before. Ron Gula, CTO Tenable Network Security
Current thread:
- statistical Data Tools??? Can you recommend me some one, please !!! saintarmin (Jan 29)
- Re: statistical Data Tools??? Can you recommend me some one, please !!! Maggi Federico (Jan 30)
- Re: statistical Data Tools??? Can you recommend me some one, please !!! Ron Gula (Jan 30)