Alert correlation
From HandWiki
Short description: Type of log analysis
Alert correlation[1] is a type of log analysis. It focuses on the process of clustering alerts (events) generated by NIDS and HIDS systems to form higher-level pieces of information.
A simple example of alert correlation is grouping invalid login attempts so that they are reported as a single incident, such as "10000 invalid login attempts on host X".
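A minimal correlator for the grouping described above, written here as an added example (it is not from this article or from any of the tools listed under See also). It clusters alerts by host and alert type and opens a new incident when the gap between consecutive alerts exceeds a time window; the alert tuple layout, the sample alerts and the window size are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts (not real data): ISO timestamp, sensor, host, alert type, source IP.
SAMPLE_ALERTS = [
    ("2024-01-01T10:00:00", "hids", "hostX", "invalid_login", "10.0.0.5"),
    ("2024-01-01T10:00:07", "hids", "hostX", "invalid_login", "10.0.0.5"),
    ("2024-01-01T10:00:15", "hids", "hostX", "invalid_login", "10.0.0.9"),
    ("2024-01-01T10:01:02", "nids", "hostY", "port_scan", "10.0.0.9"),
    ("2024-01-01T10:01:30", "hids", "hostX", "invalid_login", "10.0.0.5"),
    ("2024-01-01T10:02:11", "hids", "hostX", "invalid_login", "10.0.0.9"),
    ("2024-01-01T10:03:40", "hids", "hostX", "invalid_login", "10.0.0.5"),
    ("2024-01-01T10:45:00", "hids", "hostX", "invalid_login", "10.0.0.7"),  # outside the window: new incident
]

@dataclass
class Incident:
    host: str
    alert_type: str
    first_seen: datetime
    last_seen: datetime
    count: int = 0
    sources: set = field(default_factory=set)

    def summary(self):
        # Higher-level report in the spirit of "N invalid login attempts on host X".
        return (f"{self.count} {self.alert_type} alerts on host {self.host} "
                f"from {len(self.sources)} source(s) between "
                f"{self.first_seen:%H:%M:%S} and {self.last_seen:%H:%M:%S}")

def correlate(alerts, window=timedelta(minutes=10)):
    """Cluster raw alerts into incidents keyed by (host, alert type).

    Alerts are processed in time order; a new incident is opened for a key
    when the gap since that key's last alert exceeds `window` (assumed value).
    """
    open_incidents = {}   # (host, alert_type) -> incident currently being extended
    incidents = []
    for ts, _sensor, host, alert_type, src in sorted(alerts, key=lambda a: a[0]):
        when = datetime.fromisoformat(ts)
        key = (host, alert_type)
        inc = open_incidents.get(key)
        if inc is None or when - inc.last_seen > window:
            inc = Incident(host, alert_type, when, when)
            open_incidents[key] = inc
            incidents.append(inc)
        inc.count += 1
        inc.last_seen = when
        inc.sources.add(src)
    return incidents

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc.summary())
```

Eight raw alerts collapse into three incidents here; the window keeps a burst of failures distinct from an isolated attempt much later on the same host.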
See also
- ACARM
- ACARM-ng
- Bottom-up and top-down approaches
- OSSIM
- Prelude Hybrid IDS
- Snort
References
