[logs] A note about acronyms
Tina Bird
tbird at precision-guesswork.com
Thu Sep 27 13:23:59 PDT 2007
We've used a lot of acronyms in the current thread about firewall logs.
Old-timers, please try to remember that there are a lot of list subscribers
who probably don't know what a particular acronym means in the context of
logs and firewalls. Newbies, please feel free to ask questions, or, if
you've Googled things to figure them out, post that.
Off the top of my head:
NBS = Never Before Seen (i.e., log messages which have never appeared before
are often worth investigating)
FTS = First Time Seen (ditto)
NBAD = Network-based Anomaly Detection (sudden changes in the amount or type
of network traffic are often worth investigating, especially on outbound
connections, since they may reveal a compromised internal host)
thanks -- tbird
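
Added example, not part of the original post: a minimal sketch of the NBS / FTS idea, reporting log message shapes that do not appear in an earlier baseline. The normalization rules, function names, and sample log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample firewall/syslog lines (documentation address ranges only).
HISTORY = [
    "Sep 26 10:01:02 fw1 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=445",
    "Sep 26 10:01:09 fw1 kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP DPT=445",
    "Sep 26 10:02:30 fw1 sshd[2210]: Accepted publickey for admin from 192.0.2.50 port 51514",
]
TODAY = [
    "Sep 27 09:15:44 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=445",
    "Sep 27 09:16:01 fw1 sshd[3307]: Accepted publickey for admin from 192.0.2.50 port 40222",
    "Sep 27 09:20:13 fw1 kernel: ACCEPT OUT=eth0 SRC=192.0.2.23 DST=198.51.100.200 PROTO=TCP DPT=6667",
    "Sep 27 09:20:19 fw1 kernel: ACCEPT OUT=eth0 SRC=192.0.2.23 DST=198.51.100.201 PROTO=TCP DPT=6667",
]

# Fields that change on every message and would make every line look "new".
# The destination port (DPT=) is deliberately kept: a new port is a new message.
_RULES = [
    (re.compile(r"^\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+"), ""),   # syslog timestamp
    (re.compile(r"\[\d+\]"), "[PID]"),                           # process id
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),        # IPv4 address
    (re.compile(r"\bport \d+"), "port <N>"),                     # ephemeral port
]

def normalize(line):
    """Reduce a raw log line to its message template."""
    for pattern, replacement in _RULES:
        line = pattern.sub(replacement, line)
    return line.strip()

def never_before_seen(baseline, new_lines):
    """Return (template, first raw line, count) for templates absent from baseline."""
    seen = {normalize(line) for line in baseline}
    fresh = {}  # template -> [first raw line, occurrence count], insertion-ordered
    for line in new_lines:
        template = normalize(line)
        if template in seen:
            continue
        entry = fresh.setdefault(template, [line, 0])
        entry[1] += 1
    return [(t, raw, count) for t, (raw, count) in fresh.items()]

if __name__ == "__main__":
    for template, raw, count in never_before_seen(HISTORY, TODAY):
        print(f"NBS x{count}: {template}\n    first: {raw}")
```

In a real deployment the set of seen templates would be persisted between runs, so each message shape is reported only the first time it ever appears.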