Correlation rules
Jaime Nebrera
jnebrera at eneotecnologia.com
Fri Nov 15 08:24:43 EST 2013
Hi all,
Let me introduce myself. We are developing a correlation engine for
redBorder, our open source security management platform.
We are looking for sources of ideas for correlation rules in the
security and netflow areas. Craig Merchant has suggested that we
query the Argus list, as it's quite active and has a lot of knowledge inside.
Yes, I have already looked at
http://mbrownnyc.wordpress.com/2013/05/21/anomaly-detection-creating-baselines-and-determining-statistical-outliers-in-argus-data/
as well as the source suggested in that area.
We have also looked at SEC, OSSIM, Sagan, and others.
Any ideas or suggestions?
In particular, to start with, we are interested in netflow-specific rules.
Kind regards
--
Jaime Nebrera - jnebrera at eneotecnologia.com
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18