[logs] Correlation Rules - BEST PRACTICES

Bruno Moraes bdmoraes at bol.com.br
Fri Jun 1 07:15:07 PDT 2007


Dear All,
Good morning. I'm studying techniques for creating correlation rules. There are many log management tools on the market with native correlation rules in the software.
I need to create a list of correlation rules that aren't native in the sec tool for my environment.
First example that I thought of: create a correlation rule that alerts when users make duplicate logins in the network.
What have you seen as best practices for creating user-defined correlation rules? What are the best examples?
Another example: log integration between firewall and IDS ...
Any suggestions?
Many thanks for your attention.
Bernard
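
One way to express the duplicate-login rule mentioned in the message above, as an added example that is not part of the original post. It assumes "duplicate login" means a user logging in from a second source while an earlier session is still open; the log format, the `duplicate_logins` function and the 8-hour session expiry are all hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from any real system): time, user, source, action
SAMPLE_LOG = """\
2007-06-01T07:00:00 alice 10.0.0.5 login
2007-06-01T07:02:00 bob 10.0.0.9 login
2007-06-01T07:05:00 alice 10.0.0.7 login
2007-06-01T07:06:00 bob 10.0.0.9 logout
2007-06-01T07:10:00 bob 10.0.0.12 login
2007-06-01T07:20:00 alice 10.0.0.5 logout
2007-06-01T16:30:00 alice 10.0.0.8 login
"""

MAX_SESSION = timedelta(hours=8)  # assumed: a session with no logout expires after this


def duplicate_logins(log_text, max_session=MAX_SESSION):
    """Return (time, user, new_source, other_sources) for each login that
    happens while the same user still has a session open from another source."""
    open_sessions = {}  # user -> {source: login time}
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the rule
        ts, user, src, action = parts
        when = datetime.fromisoformat(ts)
        sessions = open_sessions.setdefault(user, {})
        # Expire stale sessions so a lost logout event does not alert forever
        for stale in [s for s, t in sessions.items() if when - t > max_session]:
            del sessions[stale]
        if action == "login":
            others = sorted(s for s in sessions if s != src)
            if others:
                alerts.append((ts, user, src, others))
            sessions[src] = when  # a repeat login from the same source just refreshes it
        elif action == "logout":
            sessions.pop(src, None)
    return alerts


if __name__ == "__main__":
    for ts, user, src, others in duplicate_logins(SAMPLE_LOG):
        print(f"{ts} ALERT {user} logged in from {src} while active on {', '.join(others)}")
```

In the sample, only alice's 07:05 login alerts: bob logged out before moving hosts, and alice's 16:30 login arrives after her unclosed 07:05 session has expired.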