Tina and all,

>about, and very little in the way of tools that help me quickly identify
>things which are "odd." Well, hell. That's not a sufficient improvement
>over the open source tools to make them worth the money...maybe it will be
>soon...

Well... I can tell you, but then I'd have to kill you :-) since it's kinda
proprietary and our competitors are listening in :-)

Basically, you CAN define certain reports that will give you interesting
oddities with no preconceived notion of what you are looking for and with
no 'known good' list. The simplest example of that kind was already
mentioned in this thread: it's the event rarity. Similarly, whatever wasn't
happening for a while and then suddenly happened will likely qualify as an
oddity...

The purpose will be to do exactly what you said: 'show me the relevant
oddities from my logs.'

Best,
--
Anton A. Chuvakin, Ph.D., GCIA, GCIH
http://www.info-secure.org
http://www.securitywarrior.com

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
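The two reports named in the message above (event rarity, and an event that reappears after a long quiet period) can be sketched without any known-good list. This is an added example, not part of the original message and not the proprietary method it alludes to; the log format, the field masking in `event_type`, the thresholds and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed format: ISO timestamp, host, program, message).
SAMPLE = """\
2004-08-01T03:00:00 web1 cron: job 17 finished
2004-08-01T09:00:00 web1 sshd: Accepted password for alice from 10.0.0.5 port 40112
2004-08-02T03:00:00 web1 cron: job 18 finished
2004-08-02T09:01:00 web1 sshd: Accepted password for alice from 10.0.0.5 port 40355
2004-08-02T14:10:00 web1 su: session opened for user root by alice
2004-08-03T03:00:00 web1 cron: job 19 finished
2004-08-03T09:02:00 web1 sshd: Accepted password for alice from 10.0.0.7 port 41200
2004-08-09T23:47:00 web1 kernel: device eth0 entered promiscuous mode
2004-08-14T02:30:00 web1 su: session opened for user root by alice
""".splitlines()

def event_type(program, message):
    """Mask variable fields (IPs, bare numbers) so repeats share one key."""
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", message)
    msg = re.sub(r"\b\d+\b", "<n>", msg)
    return f"{program}: {msg}"

def oddities(lines, max_count=1, dormancy=timedelta(days=7)):
    """Return (rare event types, [(resurfaced event type, longest gap in days)])."""
    seen = defaultdict(list)
    for line in lines:
        ts, _host, program, message = line.split(" ", 3)
        key = event_type(program.rstrip(":"), message)
        seen[key].append(datetime.fromisoformat(ts))
    rare, resurfaced = [], []
    for key, times in seen.items():
        times.sort()
        if len(times) <= max_count:          # rarity: seen almost never
            rare.append(key)
        gaps = [b - a for a, b in zip(times, times[1:])]
        if gaps and max(gaps) >= dormancy:   # quiet for a while, then back
            resurfaced.append((key, max(gaps).days))
    return sorted(rare), sorted(resurfaced)

if __name__ == "__main__":
    rare, resurfaced = oddities(SAMPLE)
    print("rare:", rare)
    print("resurfaced:", resurfaced)
```

How well this works depends mostly on the masking step: too little masking makes every line look rare, too much hides the one-off event among routine ones.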
This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 22:11:54 PDT