>suppose that I need to create a SOC for monitoring purpose (like Counterpane

First start with a LOT of money. You'll need it. :)

Doing it right (never mind the cool flat-panel displays) is a _hard_ problem. Doing it wrong is pretty straightforward and you can do it in perl with regexps... ;)

>- Correlation of event between different device

Do you mean time-correlation, proximity-correlation or just mapping events into a normal form and then rewriting them back out? (e.g.: translation)

"Correlation of events" is a marketing buzzword these days but nobody has a clue what it actually _IS_ - it occupies the same marketing-term-space as "drilldown" in IDS...

mjr.
---
Marcus J. Ranum - Computer and communications Security Expertise
mjrat_private (http://www.ranum.com)
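An added example (not from the original post or its author) of the distinction drawn above: per-device regexes rewrite two constructed log formats into one normal form (the "translation" case), and a second pass does time-correlation by pairing events from different devices that share a source address inside a time window. The device names, log formats, sample lines and the "same source address" proximity rule are all assumptions constructed for this illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines from two devices with different syntaxes
# (a hypothetical firewall "fw1" and a hypothetical IDS "ids1").
RAW_EVENTS = [
    "fw1 2002-07-18T16:20:01 DENY src=10.0.0.5 dst=192.0.2.10 dport=22",
    "ids1 2002-07-18 16:20:03 ALERT sig=SSH-BRUTE source=10.0.0.5",
    "fw1 2002-07-18T16:25:40 DENY src=10.0.0.9 dst=192.0.2.10 dport=80",
    "ids1 2002-07-18 16:27:30 ALERT sig=HTTP-SCAN source=10.0.0.9",
]

# Translation: one regex per device, each mapping vendor syntax onto the
# same named groups so every event ends up in a common normal form.
PARSERS = {
    "fw1": re.compile(r"(?P<ts>\S+) (?P<event>\w+) src=(?P<src>\S+)"),
    "ids1": re.compile(r"(?P<ts>\S+ \S+) (?P<event>\w+) sig=\S+ source=(?P<src>\S+)"),
}
TS_FORMATS = {"fw1": "%Y-%m-%dT%H:%M:%S", "ids1": "%Y-%m-%d %H:%M:%S"}

def normalize(line):
    """Rewrite one raw line into the normal form {device, ts, event, src}."""
    device, rest = line.split(" ", 1)
    m = PARSERS[device].match(rest)
    if not m:
        return None  # unparseable line: drop it rather than guess
    return {"device": device,
            "ts": datetime.strptime(m["ts"], TS_FORMATS[device]),
            "event": m["event"], "src": m["src"]}

def correlate(lines, window_seconds=60):
    """Time-correlation: pair events from *different* devices that share a
    source address and lie within window_seconds of each other."""
    events = sorted(filter(None, map(normalize, lines)), key=lambda e: e["ts"])
    window = timedelta(seconds=window_seconds)
    hits = []
    for i, a in enumerate(events):
        for b in events[i + 1:]:
            if b["ts"] - a["ts"] > window:
                break  # events are time-sorted, so nothing later can match
            if a["device"] != b["device"] and a["src"] == b["src"]:
                hits.append((a["src"], a["event"], b["event"]))
    return hits

if __name__ == "__main__":
    for hit in correlate(RAW_EVENTS):
        print(hit)  # → ('10.0.0.5', 'DENY', 'ALERT')
```

Widening the window to 120 seconds also pairs the 10.0.0.9 events, which shows that "correlation" here means nothing more than the window and the join key you chose.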
This archive was generated by hypermail 2b30 : Thu Jul 18 2002 - 16:27:32 PDT