Wow, it's a good doc (and I feel good since they referenced my paper in there :-)), but it has some royally confusing points about the relation between logs and SIM, SEM, ESM, etc. On the flip side, the authors are not the ones to blame. The situation is genuinely pretty confusing. For example, check out this insightful piece: http://www.computerworld.com/blogs/node/2346?NLT_ST_B

On 4/24/06, Kerry Thompson <kerry@private> wrote:
> NIST have just announced the publication of the following document,
> which will probably be of interest to members of this list:
>
> Draft Special Publication 800-92, Guide to Computer Security Log
> Management.
>
> This document provides detailed information on developing, implementing,
> and maintaining effective log management practices throughout an
> enterprise. It includes guidance on establishing a centralized log
> management infrastructure, which includes hardware, software, networks,
> and media. To learn more about this draft document please visit the
> CSRC Drafts page - link provided below:
>
> URL: http://csrc.nist.gov/publications/drafts.html#sp800-92
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>

--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://www.securitywarrior.com
This archive was generated by hypermail 2.1.3 : Tue Apr 25 2006 - 12:01:51 PDT