Graph of the Week at http://qosient.com/argus

Darren Spruell phatbuckett at gmail.com
Wed Sep 13 22:21:29 EDT 2006


On 9/13/06, Carter Bullard <carter at qosient.com> wrote:
> Gentle people,
> Could you comment on the 'graph of the week' that I've added
> to the argus web page.  The idea is to start talking about how
> to use argus data to do some things.  If you have any suggestions
> comments/opinions as to what type of graphs would be useful,
> illustrative, whatever, please send email to me or the list!!!!!

I'll have to admit being ignorant as to what the graph really
illustrated. :) I'm relatively new to argus and have never used it for
any practical purpose, but have nevertheless been very interested in
the kind of stuff it can handle. I have to say "kind" because I'm not
absolutely sure of how to see practical benefit from it in obvious
ways. (That said, I haven't exactly dove right into it to figure out
the nitty gritties either.)

I'd be interested in seeing a range of practical applications of
argus, supported by either graphs or straight terminal output, and
focusing on pointed, practical tasks. For example, my activities
revolve around security monitoring and incident response, and I'm
interested in learning more about how traffic anomalies can be
identified by argus and how we can accomplish better network auditing
capabilities (for example, correlating a given IDS event with "other"
traffic flows that we see for possibly compromised hosts, or even just
enumerating hosts and ports that the suspect has communicated with in
the last n hours.) Also, what sort of things is argus better suited
for in these regards compared to things like netflow and sflow or
rmon?

TIA

DS


