Re: [logs] Visual Event Analysis WAS: most popular reports...?

• Previous message: Anton A. Chuvakin: "RE: [logs] most popular reports...?"
• In reply to: Raffael Marty: "[logs] Visual Event Analysis WAS: most popular reports...?"
• Next in thread: Matthew F. Caldwell: "RE: [logs] Visual Event Analysis WAS: most popular reports...?"
• Next in thread: Bruce Platt: "RE: [logs] most popular reports...?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>graphing. What about event-graphs (or link-graphs)? They don't have
>anything to do with moving averages, runs or distances from the mean.

So, what about them? :-) They certainly help if you have a specific
dataset that renders well as a link map (e.g. worm spread in not-too-large
network). How about a 10 mil events of "random" firewall data though - how
you would use link map to your advantage in such scenario (for either
attack discovery or just representing data)?

Best,
-- 
Anton A. Chuvakin, Ph.D., GCIA, GCIH
     http://www.info-secure.org
   http://www.securitywarrior.com


_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Previous message: Anton A. Chuvakin: "RE: [logs] most popular reports...?"
• In reply to: Raffael Marty: "[logs] Visual Event Analysis WAS: most popular reports...?"
• Next in thread: Matthew F. Caldwell: "RE: [logs] Visual Event Analysis WAS: most popular reports...?"
• Next in thread: Bruce Platt: "RE: [logs] most popular reports...?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 22:13:55 PDT