Graph of the Week at http://qosient.com/argus
carter at qosient.com
Fri Sep 15 09:56:58 EDT 2006
Hey Darren,
In my original email I was asking for some votes on focus. If you've got a particular interest, hearing about that would be great.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: "Darren Spruell" <phatbuckett at gmail.com>
Date: Thu, 14 Sep 2006 21:34:20
To: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Graph of the Week at http://qosient.com/argus
On 9/13/06, Peter Van Epp <vanepp at sfu.ca> wrote:
> > capabilities (for example, correlating a given IDS event with "other"
> > traffic flows that we see for possibly compromised hosts, or even just
> > enumerating hosts and ports that the suspect has communicated with in
> > the last n hours.) Also, what sort of things is argus better suited
> > for in these regards compared to things like netflow and sflow
> Some light reading on the subject :-)
>
> http://www.usenix.org/publications/login/2001-11/pdfs/epp.pdf
> http://www.malmedal.net/Malmedal_Master_Thesis.pdf
> http://www.internet2.edu/presentations/jtvancouver/20050720-Argus-VanEpp.pdf
Good reads, thanks.
To answer Carter's original question, I'd like to see more examples of
data analyzed and translated using the argus clients (something like
the scan of the month @ honeynet project) to see more practical use
cases. I get the impression there are a lot more uses than I can
imagine right now.
DS
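Darren's use case above (starting from an IDS event on a suspect host and enumerating the hosts and ports it talked to in the last n hours) is the kind of triage step flow records make cheap. The following is an added illustration, not code from this thread or from the Argus project: it works on a constructed set of flow records whose field order (start time, source address, source port, destination address, destination port, protocol) is an assumption chosen to resemble a field list one might print from an argus client, and it pulls out every peer and service port the suspect host touched inside the lookback window.

```python
"""Enumerate the peers and ports a suspect host talked to in the N hours before an alert.

Added example. The record layout below is an assumption (stime,saddr,sport,daddr,dport,proto)
and the records themselves are constructed; they are not output from ra or any argus client.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (RFC 5737 documentation addresses).
SAMPLE_FLOWS = """\
2006-09-14 20:01:10,192.0.2.10,43211,198.51.100.5,80,tcp
2006-09-14 20:15:42,192.0.2.10,43300,198.51.100.7,443,tcp
2006-09-14 21:02:05,203.0.113.9,51000,192.0.2.10,22,tcp
2006-09-14 21:30:00,192.0.2.10,40000,198.51.100.9,53,udp
2006-09-14 09:00:00,192.0.2.10,41000,198.51.100.11,25,tcp
2006-09-14 21:40:00,192.0.2.44,50000,198.51.100.5,80,tcp
"""

TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_flows(text):
    """Parse comma-separated records into dicts with a datetime start time."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stime, saddr, sport, daddr, dport, proto = line.split(",")
        flows.append({
            "stime": datetime.strptime(stime, TIME_FMT),
            "saddr": saddr, "sport": int(sport),
            "daddr": daddr, "dport": int(dport),
            "proto": proto,
        })
    return flows


def peers_before_event(flows, suspect, event_time, hours):
    """Return {(peer, proto, service_port, direction): flow_count} for flows that
    involve `suspect` and start within [event_time - hours, event_time].

    event_time is a string in TIME_FMT (the IDS alert timestamp). The service port is
    always the destination port of the flow; direction says whether the suspect was the
    initiator ("out") or the responder ("in"), which matters when judging what a
    compromised host reached for versus what reached it.
    """
    end = datetime.strptime(event_time, TIME_FMT)
    start = end - timedelta(hours=hours)
    peers = defaultdict(int)
    for f in flows:
        if not (start <= f["stime"] <= end):
            continue  # outside the lookback window
        if f["saddr"] == suspect:
            peers[(f["daddr"], f["proto"], f["dport"], "out")] += 1
        elif f["daddr"] == suspect:
            peers[(f["saddr"], f["proto"], f["dport"], "in")] += 1
    return dict(peers)


def summarize(peers):
    """Render the peer table as sorted 'peer:port/proto direction xN' lines."""
    lines = []
    for (peer, proto, port, direction), n in sorted(peers.items()):
        lines.append(f"{peer}:{port}/{proto} {direction} x{n}")
    return lines


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    # Constructed alert: suspect 192.0.2.10 flagged at 21:45, look back two hours.
    table = peers_before_event(flows, "192.0.2.10", "2006-09-14 21:45:00", 2)
    for row in summarize(table):
        print(row)
```

With the constructed data the two-hour window keeps the four flows between 20:01 and 21:30 and drops both the morning SMTP flow and the flow from the unrelated host 192.0.2.44; the inbound SSH connection from 203.0.113.9 shows up tagged "in", which is the first thing an analyst would want to look at.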