Snort mailing list archives

Re: Event correlation engine?


From: JP Vossen <vossenjp () netaxs com>
Date: Tue, 26 Aug 2003 21:00:20 -0400 (EDT)

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
To: "'Huober, Joachim'" <joachim () sony de>,
   "'Rich Adamson'" <radamson () routers com>,
   Snort Users Postings <snort-users () lists sourceforge net>
Subject: AW: [Snort-users] Event correlation engine?
Date: Tue, 26 Aug 2003 07:26:47 +0200

There's a project called "ThreatMan"
(http://sourceforge.net/projects/threatman) which will provide a framework
for event correlation...
<snip>
We (the threatman team) are currently in a planning/pre-alpha prototyping
phase...

There is also SEC - simple event correlator [0] which looks interesting, but
I've never used it.


[0] http://simple-evcorr.sourceforge.net/

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?


