We are trying to do that. It's a GNU GPL project called IPFC http://www.conostix.com/ipfc/ (check the correlator and alerter scripts in the db-backend). Don't hesitate to check out CVS and participate in the project.

On Fri, 19 Jul 2002 Lubomir.Nistorat_private wrote:

> hmm, a lot of money is surely required (if not wasted on licenses and
> an implementation team it'll be wasted on opensource gurus to administer
> it)
> but flat panels pay off when there are more customers coming to see the
> SOC you've built.. (they look cool alright..:)
>
> event correlation is what makes me sweat.. a perfect correlation should
> do content correlation, time correlation etc.. that means it's always not
> sufficiently correlated (whatever software)...
>
> Does anybody know any sec monitoring sw where you can modify correlation
> rules? (not just time/device but also content?)
> What are the limitations of correlation (how far should I correlate? I
> doubt that achieving secure=yes/no status is wise :)
>
> lubo
>
> -----Original Message-----
> From: Marcus J. Ranum [mailto:mjrat_private]
> Sent: Thursday, 18 July 2002 23:43
> To: Fabio Pietrosanti (naif); loganalysisat_private
> Subject: Re: [logs] Security Monitoring software customization limit?
>
> > >suppose that i need to create a SOC for monitoring purpose ( like
> > Counterpane
>
> First start with a LOT of money. You'll need it. :)
> Doing it right (never mind the cool flatpanel displays) is a _hard_
> problem.
> Doing it wrong is pretty straightforward and you can do it in perl with
> regexps... ;)
>
> >- Correlation of events between different devices
>
> Do you mean time-correlation, proximity-correlation or just mapping
> events into a normal form and then rewriting them back out? (e.g.:
> translation)
> "Correlation of events" is a marketing buzzword these days but nobody
> has a clue what it actually _IS_ - it occupies the same
> marketing-term-space as "drilldown" in IDS...
>
> mjr.
>
> ---
> Marcus J. Ranum - Computer and communications Security Expertise
> mjrat_private (http://www.ranum.com)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
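What "correlation" can concretely mean in the three senses Marcus asks about (mapping events into a normal form, content correlation on a shared field, and a time window), as an added example that is not part of this thread or of the IPFC project; the two log formats, device names and addresses are constructed for the demo:

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread): a firewall and an sshd format.
SAMPLE_LOGS = [
    "2002-07-18 23:40:01 fw1 DENY tcp 10.1.1.5:4312 -> 192.168.1.10:22",
    "2002-07-18 23:40:03 fw1 DENY tcp 10.1.1.5:4313 -> 192.168.1.10:23",
    "2002-07-18 23:40:30 host1 sshd[812]: Failed password for root from 10.1.1.5 port 4320",
    "2002-07-18 23:41:02 host1 sshd[815]: Failed password for root from 10.1.1.5 port 4321",
    "2002-07-18 23:50:00 host1 sshd[820]: Accepted password for bob from 10.2.2.9 port 5000",
]

FW_RE = re.compile(r"^(\S+ \S+) (\S+) (DENY|ALLOW) \S+ (\d+\.\d+\.\d+\.\d+):\d+ -> ")
SSH_RE = re.compile(r"^(\S+ \S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for \S+ from (\d+\.\d+\.\d+\.\d+)")

def normalize(line):
    """Translate one raw line into the normal form {ts, device, src, event}; None if unknown."""
    for regex, prefix in ((FW_RE, "fw_"), (SSH_RE, "ssh_")):
        m = regex.match(line)
        if m:
            ts, device, kind, src = m.groups()
            return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                    "device": device, "src": src, "event": prefix + kind.lower()}
    return None

def correlate(events, key="src", window=timedelta(minutes=5), min_devices=2):
    """Content correlation: events sharing `key`. Time correlation: within `window`
    of the group's first event. Report only groups seen on >= min_devices devices."""
    open_groups = {}   # key value -> list of events in the current window
    alerts = []
    def close(group):
        if len({e["device"] for e in group}) >= min_devices:
            alerts.append(group)
    for e in sorted(events, key=lambda e: e["ts"]):
        group = open_groups.get(e[key])
        if group is not None and e["ts"] - group[0]["ts"] <= window:
            group.append(e)
        else:
            if group is not None:
                close(group)
            open_groups[e[key]] = [e]
    for group in open_groups.values():   # flush windows still open at end of input
        close(group)
    return alerts

def run(lines=SAMPLE_LOGS):
    """Normalize then correlate; returns the alert groups (one here: 10.1.1.5 on fw1 and host1)."""
    return correlate([e for e in map(normalize, lines) if e])
```

The window and device threshold are the tunable "rules" lubo asks about; a rule that keys on a different field (destination, account name) is the same code with another `key`.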
This archive was generated by hypermail 2b30 : Fri Jul 19 2002 - 17:31:29 PDT