Educause Security Discussion mailing list archives
SIEM/log management correlation rules
From: "Youngquist, Jason R." <jryoungquist () CCIS EDU>
Date: Fri, 9 Oct 2009 08:57:26 -0500
For those of you using SIEM/log management technology, have you developed any correlation rules or vendor pre-built correlation rules which you have found to be quite useful in detecting abnormal activity, detecting threats (internal and external), or compromises?

Please respond off-list, and I will post a summary of the responses.

Thanks.

Jason Youngquist
Information Technology Security Engineer, Security+
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO 65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu