Re: statistical Data Tools??? Can you recommend me some one, please !!!

[Ron Gula <rgula () tenablesecurity com>]

saintarmin () hotmail com wrote:
> Hi
>
> Could you recommend me some tools for Statistical Data?
>
> I have some sensors in my network and I want to obtain more statistical information about everything.
>
> But I would like to know more tools for this propouse....

Commercially, my company offers statistical profiling for any
type of log, IDS event or netflow in a product called the Log
Correlation Engine. I wanted customers to be able to spot
small fluctuations in items like SSH login failures as much as
as netflows from servers or 404 events on web sites.

You can see a video demo of it here:
http://cgi.tenablesecurity.com/demos/09f-correlation/09f-correlation.htm

More demos are here:
http://www.nessus.org/demos/

The engine profiles any type of normalized event and then
lets you know when you've had a set of events, that when compared
to all previous events of that type, is outside the normal activity
for that host.

I've found that statistical data is great for looking at changes
in event rates and large event swings. For looking at events that
occur the first time though, we had develop a different set of
technology that focused on identifying new hosts and new events
that had never previously occurred before.

Ron Gula, CTO
Tenable Network Security