Alert correlation

Alert correlation is a type of log analysis. It focuses on the process of clustering alerts (events), generated by NIDS and HIDS computer systems, to form higher-level pieces of information.

An example of simple alert correlation is grouping invalid login attempts to report a single incident such as “10000 invalid login attempts on host X”.
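The grouping described above can be sketched as follows. This is an added example, not code from any of the tools listed below; the alert tuple layout, the signature names, the 5-minute window and the threshold of 3 are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (sensor, timestamp, host, signature).
SAMPLE_ALERTS = [
    ("hids", "2018-03-01T10:00:00", "hostX", "invalid_login"),
    ("nids", "2018-03-01T10:00:10", "hostX", "invalid_login"),
    ("hids", "2018-03-01T10:00:20", "hostX", "invalid_login"),
    ("hids", "2018-03-01T10:00:30", "hostX", "invalid_login"),
    ("hids", "2018-03-01T11:00:00", "hostX", "invalid_login"),  # isolated retry
    ("hids", "2018-03-01T10:00:05", "hostY", "invalid_login"),
    ("hids", "2018-03-01T10:00:15", "hostY", "invalid_login"),  # below threshold
    ("nids", "2018-03-01T10:00:12", "hostX", "port_scan"),
]

def correlate(alerts, window=timedelta(minutes=5), threshold=3):
    """Cluster alerts that share (host, signature) and arrive within
    `window` of the previous one; report clusters of >= threshold alerts."""
    groups = defaultdict(list)
    for sensor, ts, host, sig in alerts:
        groups[(host, sig)].append((datetime.fromisoformat(ts), sensor))
    incidents = []
    for (host, sig), events in sorted(groups.items()):
        events.sort()
        cluster = [events[0]]
        # The trailing None flushes the last open cluster.
        for ev in events[1:] + [None]:
            if ev is not None and ev[0] - cluster[-1][0] <= window:
                cluster.append(ev)
                continue
            if len(cluster) >= threshold:
                incidents.append({
                    "host": host, "signature": sig, "count": len(cluster),
                    "first": cluster[0][0].isoformat(),
                    "last": cluster[-1][0].isoformat(),
                    "sensors": sorted({s for _, s in cluster}),
                })
            cluster = [ev] if ev is not None else []
    return incidents

def summarize(incident):
    """Render one incident as a single higher-level report line."""
    return "{count} {signature} alerts on host {host}".format(**incident)

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(summarize(inc), inc["first"], "to", inc["last"], inc["sensors"])
```

Alerts from both sensor types fold into one incident because the clustering key is the host and signature, not the sensor that raised the alert.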

See also

  • ACARM
  • ACARM-ng
  • OSSIM
  • Prelude Hybrid IDS
  • Snort
