What happened to anomaly detection/packet dynamics? Are there clients?
Carter Bullard
carter at qosient.com
Thu May 31 10:13:53 EDT 2012
Hey Matt,
Most people do their own thing. We have lots of examples of things to do,
scan detection, access policy monitoring, covert channel detection, discovery detection,
asset inventory assessments, behavioral baselining, and with events, you have the
basic data for user / flow attribution etc……
So I think its happening. What do you expect to see that you aren't seeing?
Carter
On May 30, 2012, at 8:12 PM, Matt Brown wrote:
> Hello all,
>
> After some research, it's quite obvious that argus output can be used as input for anomaly detection.
>
> Carter was involved in a presentation at flocon 2012 that mentions a few cases of analysis: http://www.cert.org/flocon/2012/presentations/bullard-gerth-implementing-packet-dynamic-awareness-argus.pdf
>
> I also see that argus is mentioned in another presentation at cmu: http://www.andrew.cmu.edu/user/gnychis/imcfp04-nychis-slides.pdf
>
>
> What ever happened to this? Are there any plans to write a client that can perform some simple anomaly or other analysis?
>
>
> Thanks,
>
> Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120531/3cc50fb5/attachment.html>
More information about the argus
mailing list