RE: [logs] RE: NT Event Log and Web Server Attacks

From: Rainer Gerhards (rgerhardsat_private)
Date: Fri Jan 17 2003 - 11:22:45 PST

  • Next message: Kevin W. Gagel: "Re: [logs] RE: NT Event Log and Web Server Attacks"

    > Instead of reacting to an incident after it has
    > happened, try preventing the incident, or making it
    > difficult for an incident to actually occur.
    
    I fully agree on this. BUT: we all know we can not totally prevent an
    intrusion. So I am trying to setup some basic (near-real time) rules
    that will notify you when your other efforts have been broken. This is
    why I see "you hopefully will never see this event".
    
    Rainer
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Sat Jan 18 2003 - 21:25:12 PST