Joe, Auditing techniques can be use to design a secure system, implement/build a secure system, or maintain a secure system. It is used throughout the system development lifecycle. I realize your perspective is on maintaining a secure system through detecting unexpected or undesirable events. Analysis is typically automated through the use of signautres or pattern matching. By constantly analysing/monitoring log data for these signatures alerts can be sent to trigger a human response. The automation may use a baseline of activity generated over time to determine a threshold of when an alert should be generated. There are many techniques used for this type of automation. Again, automated analysis and alerting boils down to perception again and understanding what rule may have been triggered. Brian _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 14:50:16 PST