Raffael Marty wrote:

>Just a quick answer to this: "determining stuff that is *not*
>interesting" should not mean that you completely get rid of it. Keep it
>in the system and have it run through the correlation engine and all
>those neat things, but don't look at them.

Ranum's second law of intrusion detection applies here: "the number
of times an uninteresting thing happens is an interesting thing."

mjr.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
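An added example, not part of the original message: one way to combine both points of the exchange above is to hide "uninteresting" lines from the analyst while still counting them per time window, and to flag a window whose count departs from the running baseline. The pattern names, the threshold factor and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from statistics import median

# Patterns an analyst has declared "not interesting" (constructed for this example).
UNINTERESTING = {
    "cron_session": re.compile(r"CRON\[\d+\]: .*session (opened|closed)"),
    "dhcp_renew": re.compile(r"dhclient.*DHCPACK"),
}

def classify(line):
    """Return the name of the matching uninteresting pattern, or None."""
    for name, rx in UNINTERESTING.items():
        if rx.search(line):
            return name
    return None

def process(windows, factor=3.0):
    """windows: one list of log lines per time window.
    Returns (shown, alerts): the lines left for the analyst, and
    (window_index, pattern, count, baseline) for unusual suppressed counts."""
    shown, alerts, history = [], [], {name: [] for name in UNINTERESTING}
    for i, lines in enumerate(windows):
        counts = Counter()
        for line in lines:
            name = classify(line)
            if name is None:
                shown.append(line)      # still interesting: analyst sees it
            else:
                counts[name] += 1       # hidden, but never discarded
        for name, past in history.items():
            n = counts[name]
            if len(past) >= 3:          # need some history before judging
                base = median(past)
                # A burst is interesting; so is sudden silence.
                if n > factor * max(base, 1) or (base >= 3 and n == 0):
                    alerts.append((i, name, n, base))
            past.append(n)
    return shown, alerts

def _window(cron, dhcp, extra=()):
    # Build one window of constructed syslog-style lines.
    lines = ["Aug 19 10:00:01 host CRON[%d]: pam_unix(cron:session): "
             "session opened for user root" % (1000 + k) for k in range(cron)]
    lines += ["Aug 19 10:00:02 host dhclient: DHCPACK from 10.0.0.1"] * dhcp
    return lines + list(extra)

SAMPLE = [_window(4, 1), _window(4, 1), _window(5, 1),
          _window(4, 1, ["Aug 19 10:30:00 host sshd[2201]: Failed password "
                         "for root from 192.0.2.7"]),
          _window(40, 1), _window(0, 1)]
```

With the sample windows, the analyst sees only the sshd line, while the cron burst in window 4 and the cron silence in window 5 are both reported.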