FloCon 2011 Argus Tutorial

Carter Bullard carter at qosient.com
Mon Dec 20 11:14:01 EST 2010


Gentle people,
As you may know, I'm giving another 4-hour tutorial this year at FloCon.
Last year's was on the basics of argus itself; this year it's going to be on data
collection, aggregation, stream processing and database/repositories.

I am going to use a fairly sophisticated insider threat example to show how
to go about detecting, attributing and possibly mitigating the problem, using
argus data.  The basic idea is to monitor multiple points within an enterprise
in order to fully understand a threat, so you need several monitors and some
multi-probe correlation.

This will primarily be a workshop for developers, with a lot of dialog on "what
should we do here?" and if the approaches are not in argus already, we'll talk
about how to enhance argus to meet the problem.

If there is something that you guys think would be important to talk about/mention,
please feel free to send email to the list or to me.

Hope I see you in Salt Lake City, and if you can't make it, I'm hoping we'll have
slides and notes on the site/wiki !!!!

Have a great holiday season,

Carter
