Educause Security Discussion mailing list archives

SIEM/log management correlation rules


From: "Youngquist, Jason R." <jryoungquist () CCIS EDU>
Date: Fri, 9 Oct 2009 08:57:26 -0500

For those of you using SIEM/log management technology, have you developed any correlation rules or vendor pre-built 
correlation rules which you have found to be quite useful in detecting abnormal activity, detecting threats (internal 
and external), or compromises?

Please respond off-list, and I will post a summary of the responses.

Thanks.
Jason Youngquist
Information Technology Security Engineer, Security+
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu



