[ossec-list] Re: Log correlation best practices and white papers
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Log correlation best practices and white papers
- From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
- Date: Sun, 1 Apr 2007 19:05:19 -0300
- Cc: "william maddler" <news@xxxxxxxxxxx>
Hi William,
I would suggest the following documents to you:
Log analysis for intrusion detection:
http://www.ossec.net/en/loganalysis.html
NIST guide to log management:
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
There are probably many more interesting docs, but I couldn't find them
right now. Does anyone else have any to share? It would be nice to have an
entry in the wiki with all of them...
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 3/30/07, william maddler <news@xxxxxxxxxxx> wrote:
Hi all,
could anyone point to some existing good documents about correlation
best practices and/or white papers?
Thank you all.
William
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.