Graph of the Week at http://qosient.com/argus
Darren Spruell
phatbuckett at gmail.com
Fri Sep 15 00:34:20 EDT 2006
On 9/13/06, Peter Van Epp <vanepp at sfu.ca> wrote:
> > capabilities (for example, correlating a given IDS event with "other"
> > traffic flows that we see for possibly compromised hosts, or even just
> > enumerating hosts and ports that the suspect has communicated with in
> > the last n hours.) Also, what sort of things is argus better suited
> > for in these regards compared to things like netflow and sflow
> Some light reading on the subject :-)
>
> http://www.usenix.org/publications/login/2001-11/pdfs/epp.pdf
> http://www.malmedal.net/Malmedal_Master_Thesis.pdf
> http://www.internet2.edu/presentations/jtvancouver/20050720-Argus-VanEpp.pdf
Good reads, thanks.
To answer Carter's original question, I'd like to see more examples of
data analyzed and translated using the argus clients (something like
the scan of the month @ honeynet project) to see more practical use
cases. I get the impression there are a lot more uses than I can
imagine right now.
DS